General
-
Target
JaffaCakes118_2c26039e56dba8c87aca750768323254
-
Size
436KB
-
Sample
250113-v2mpxa1jez
-
MD5
2c26039e56dba8c87aca750768323254
-
SHA1
ef23c40945cfa3ffe59902f94196f3d09fb7b06a
-
SHA256
2ccba5a40f9a6081b2c08be0f88af0c787ce93283769953ef2f1379d2bba24ec
-
SHA512
eb36f9915ceea23b48dd518041c6d475d225c689eb53c985dc8aefd152cc8ea7516a881d9e71c947a8b2bc09766b36d402f12d2852f0d4cc6354e69151d8dfec
-
SSDEEP
12288:Yqiirq+B7QakRRVf2pHQfoMP38ZMdAR1mTyz2:YqrrnB7vkd2pHQfrP38ZlR1Zz2
Malware Config
Targets
-
-
Target
JaffaCakes118_2c26039e56dba8c87aca750768323254
-
Size
436KB
-
MD5
2c26039e56dba8c87aca750768323254
-
SHA1
ef23c40945cfa3ffe59902f94196f3d09fb7b06a
-
SHA256
2ccba5a40f9a6081b2c08be0f88af0c787ce93283769953ef2f1379d2bba24ec
-
SHA512
eb36f9915ceea23b48dd518041c6d475d225c689eb53c985dc8aefd152cc8ea7516a881d9e71c947a8b2bc09766b36d402f12d2852f0d4cc6354e69151d8dfec
-
SSDEEP
12288:Yqiirq+B7QakRRVf2pHQfoMP38ZMdAR1mTyz2:YqrrnB7vkd2pHQfrP38ZlR1Zz2
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1