Overview

overview

10

Static

static

3

JaffaCakes...a4.exe

windows7-x64

10

JaffaCakes...a4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_408ada72ef896c74b9b1b87f9aafa6a4

  • Size

    88KB

  • Sample

    250127-rwtz9asqes

  • MD5

    408ada72ef896c74b9b1b87f9aafa6a4

  • SHA1

    3756437ae26e6e9396abe8d6dc46d5225a2be864

  • SHA256

    421be00c8c37e21d821afeda49295a50db50f8a4d82393da19c9f88e099a2b0f

  • SHA512

    c4c93282f6829d4e88b897d18e2322e4de0accdc76321c1206d8a960d20351c0c8dbfba1482d418597e6783190636e259244038d8bac8556bcbc45a93eba4b4d

  • SSDEEP

    1536:7WNNy/6WXAwAO7HXumAQFEE1aZgir/OuunOphcmesGvXcXoLw/wKlUH:5/bxAODf1w8naxayos/wpH

Score
10/10
xtremeratdiscoverypersistenceratspyware

Malware Config

Targets

    • Target

      JaffaCakes118_408ada72ef896c74b9b1b87f9aafa6a4

    • Size

      88KB

    • MD5

      408ada72ef896c74b9b1b87f9aafa6a4

    • SHA1

      3756437ae26e6e9396abe8d6dc46d5225a2be864

    • SHA256

      421be00c8c37e21d821afeda49295a50db50f8a4d82393da19c9f88e099a2b0f

    • SHA512

      c4c93282f6829d4e88b897d18e2322e4de0accdc76321c1206d8a960d20351c0c8dbfba1482d418597e6783190636e259244038d8bac8556bcbc45a93eba4b4d

    • SSDEEP

      1536:7WNNy/6WXAwAO7HXumAQFEE1aZgir/OuunOphcmesGvXcXoLw/wKlUH:5/bxAODf1w8naxayos/wpH

    Score
    10/10
    xtremeratdiscoverypersistenceratspyware

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Xtremerat family

      xtremerat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks