General

  • Target

    JaffaCakes118_2034985c42a9db1f0d915647dcd6bc10

  • Size

    312KB

  • Sample

    250124-lstmestmfp

  • MD5

    2034985c42a9db1f0d915647dcd6bc10

  • SHA1

    e5f68a454a32f42ab103770ecf3617747b1dd388

  • SHA256

    30c217930b807be8186a24a3e4d1b66f418e3e9652b3991486d21fdfbfe9020c

  • SHA512

    8da41079d15ad059bc733bc7a2e4bb7813926791c6d78f65f79f081d17a3265eb1edd61242d2d0b34e5f664850a108df286807ee63cd329370685ea4e7f4a656

  • SSDEEP

    6144:sKhAhNyDu6uxZ3EL612KbSMIXPfabjYlOx7c7Q2rEDyAt+d4z5EjIBX:sYAnQu6u4nK+MefaAIxcEgEDLt+Oz5EW

Malware Config

Targets

    • Target

      Perx Injector (x1nject) Remake and Updated.exe

    • Size

      351KB

    • MD5

      6850df03b1fb664f27b920ee096b6ea0

    • SHA1

      a75decb81cd2fb6a1b553b27abb84f61ffed588f

    • SHA256

      e2d8a3a1be1ad78f29f691b20d783b25049d37ccb138002f32e3d74b4e7b2681

    • SHA512

      d30e5c5c91b3eab309afdbedd43b682466472304ac40e725b42dc528053b91b841513f5816dd2d95b514233ee871bacc0890c405a79a2129cef4f16681314df3

    • SSDEEP

      6144:UFw8wzBhaEUJ45mHm3pvr27NabMngLbljkt1E0OTcUtqZ8na29Rd97BSX5Ep:UFszBhqS5mwvezgLZkE0Oo2q+a8zna5I

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      [H]aaBX Public Hack V1 (MPGH.NET).dll

    • Size

      8KB

    • MD5

      f2c3b304b4c136c7b2fd41efca025be7

    • SHA1

      2c19db1adeee436c60a2938a927c66c1060fa109

    • SHA256

      ac5174c7071d4471f98760a5ee789eb0ddd2e8cb6bec5906ae1189b6118f9308

    • SHA512

      4c4b76c2c4026d17f1dcf94800cd5fa34a8a75178ca3664b994c5003be7f070e6679a7a33d22d5f3f2eca3400c376e537ae519c8b522a675aca19f5291fbd91e

    • SSDEEP

      192:fTdp1Vr7VNGJD5fAJvv9OekQaNFRe3X3PGR6Js2:5lvVqGX9Oek5NrCnPGe

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks