General

  • Target

    JaffaCakes118_0ac0ffcca354d86416b46dbe4a9a5e84

  • Size

    36KB

  • Sample

    250122-f67tba1nan

  • MD5

    0ac0ffcca354d86416b46dbe4a9a5e84

  • SHA1

    e40b5d19b2340ad2a739391f969912d43a0d93d8

  • SHA256

    bc771a151e702b46e62755760588a27402d8d434f7489d78a7a53de6bd92ef63

  • SHA512

    50aaadd9055a4dacf43bf18adf72e12ec71778dd03ee07afd2509473460a86f0e3ff4eca8ae1bf13636f1e0f8ed6c500d03df184c73aba53d1c088071904ebd9

  • SSDEEP

    768:O1PWaaTmypGPRihzo1J+DqSVKZILneRg0ZLJySidfI:I+aaq3VQqKre/ZeI

Malware Config

Extracted

Family

xtremerat

C2

loveayada.zapto.org

Targets

    • Detect XtremeRAT payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • ModiLoader Second Stage

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks