Overview

overview

10

Static

static

3

JaffaCakes...a3.exe

windows7-x64

10

JaffaCakes...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a4e6731d6dfb5fc2aec67f948531f2a3

  • Size

    280KB

  • Sample

    250118-kfmsnsyphq

  • MD5

    a4e6731d6dfb5fc2aec67f948531f2a3

  • SHA1

    2547612b3e99595ec3f781b3f4330e1984187d4b

  • SHA256

    22e1a12e81de9af68abc0dfc9297db0d4e85ba89cda1b3f09e861bc16653c671

  • SHA512

    9fa8b8c691a1346eac3cd07307eed1956ed1dc44952bd48a2a16e515f88d4cd40fa2f867bb954645a4c848a587c203b0192dfde91a8f49f18ecd771ac2fffa3c

  • SSDEEP

    6144:oBfoRaU6E0ugM1Mc+2Pn81iJt2+/XNgjDMr1gkaAO/74+:omV6EgM1pP81it2+/dcDMreky7N

Score
10/10
xtremeratdiscoverypersistenceratspyware

Malware Config

Extracted

Family

xtremerat

C2

￿￿￿￿Ɛᮽ唅∛i2lb.sytes.net

Targets

    • Target

      JaffaCakes118_a4e6731d6dfb5fc2aec67f948531f2a3

    • Size

      280KB

    • MD5

      a4e6731d6dfb5fc2aec67f948531f2a3

    • SHA1

      2547612b3e99595ec3f781b3f4330e1984187d4b

    • SHA256

      22e1a12e81de9af68abc0dfc9297db0d4e85ba89cda1b3f09e861bc16653c671

    • SHA512

      9fa8b8c691a1346eac3cd07307eed1956ed1dc44952bd48a2a16e515f88d4cd40fa2f867bb954645a4c848a587c203b0192dfde91a8f49f18ecd771ac2fffa3c

    • SSDEEP

      6144:oBfoRaU6E0ugM1Mc+2Pn81iJt2+/XNgjDMr1gkaAO/74+:omV6EgM1pP81it2+/dcDMreky7N

    Score
    10/10
    xtremeratdiscoverypersistenceratspyware

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Xtremerat family

      xtremerat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks