General
-
Target
JaffaCakes118_6535782602983133515cb2577301a19c
-
Size
849KB
-
Sample
250102-p17qsssmaz
-
MD5
6535782602983133515cb2577301a19c
-
SHA1
2850db95b9a240570f1949e0aea9211acd0a70e8
-
SHA256
a454f35bc41058dd917250fd6b6dbd9af8bc6769d84d2165ff224720245ac4aa
-
SHA512
73ad633a258232f161427b8429aaf40f5f32869575ea74c6365d6ade1379c0f7f3a95d54434891b2a96fcbfe0d3f972de867e3632c8b504f300d712c0855015b
-
SSDEEP
12288:shkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a5Vqw68ArAhgv+qFvHPRi6:kRmJkcoQricOIQxiZY1ia5VqPagvoa
Malware Config
Targets
-
-
Target
JaffaCakes118_6535782602983133515cb2577301a19c
-
Size
849KB
-
MD5
6535782602983133515cb2577301a19c
-
SHA1
2850db95b9a240570f1949e0aea9211acd0a70e8
-
SHA256
a454f35bc41058dd917250fd6b6dbd9af8bc6769d84d2165ff224720245ac4aa
-
SHA512
73ad633a258232f161427b8429aaf40f5f32869575ea74c6365d6ade1379c0f7f3a95d54434891b2a96fcbfe0d3f972de867e3632c8b504f300d712c0855015b
-
SSDEEP
12288:shkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a5Vqw68ArAhgv+qFvHPRi6:kRmJkcoQricOIQxiZY1ia5VqPagvoa
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1