General
-
Target
JaffaCakes118_6509b534a745133b64d524355a71b050
-
Size
67KB
-
Sample
250102-phcgya1qds
-
MD5
6509b534a745133b64d524355a71b050
-
SHA1
d4ecd58a840be99ec5cd62a4e9e14d1fcf68ac6f
-
SHA256
d0ab150d4dbe72adc755f6157a8adf1065720ad6d36af5731eb99644f60305b6
-
SHA512
c4b7055db8a0e283f41c869170b2fcab5bb4dc190e049e357be8671bba00e8543f1fe99a6262413fb36d982ac9b842f45fe8f3d285e8346a5e999252d9eed4a4
-
SSDEEP
1536:rBzvwXhupO/ijb7BT7/396+xuP3OL8U9vhc:rBvwcUifdT7/t6+xuP3c8Shc
Malware Config
Targets
-
-
Target
JaffaCakes118_6509b534a745133b64d524355a71b050
-
Size
67KB
-
MD5
6509b534a745133b64d524355a71b050
-
SHA1
d4ecd58a840be99ec5cd62a4e9e14d1fcf68ac6f
-
SHA256
d0ab150d4dbe72adc755f6157a8adf1065720ad6d36af5731eb99644f60305b6
-
SHA512
c4b7055db8a0e283f41c869170b2fcab5bb4dc190e049e357be8671bba00e8543f1fe99a6262413fb36d982ac9b842f45fe8f3d285e8346a5e999252d9eed4a4
-
SSDEEP
1536:rBzvwXhupO/ijb7BT7/396+xuP3OL8U9vhc:rBvwcUifdT7/t6+xuP3c8Shc
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1