General
-
Target
JaffaCakes118_41be7aa210952457b9031be6e84ebf2d
-
Size
21KB
-
Sample
250127-vegv5synhr
-
MD5
41be7aa210952457b9031be6e84ebf2d
-
SHA1
146860ff9ff4de3cc56b79b5c98fc6fa147a6888
-
SHA256
3f5135b7d88a6ff4897fe59a8d731db02bab552238e84d37ac9c4f1b994b64a4
-
SHA512
f594b4826353723f5e083b1f30043e9d58fe49cf6d87e13b1c9cbc95cbf04aa35a76df835cdadefaed0dda9e1fe925b5e94601508b14a62749850966fe4b0831
-
SSDEEP
384:IdIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlApQ461xR/AcUVspLR:uIsF81fG9QveLOYTe5Yi2pQH7eV8
Behavioral task
behavioral1
Sample
JaffaCakes118_41be7aa210952457b9031be6e84ebf2d.exe
Resource
win7-20241010-en
Malware Config
Extracted
xtremerat
vipahmed.no-ip.biz
Targets
-
-
Target
JaffaCakes118_41be7aa210952457b9031be6e84ebf2d
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; the StubPath value of that subkey is executed for each user at their next logon.
-
Adds Run key to start application
-
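The two persistence signatures above (Active Setup component and Run key) can be checked directly on a suspect host. The script below is an added triage example, not part of the Triage report or of the sample: it enumerates both autostart locations, hashes the executable each entry points at, and flags entries that either live in user-writable paths (a heuristic, not a rule) or whose MD5 matches the sample hash from this report. It assumes an elevated PowerShell session on the host under investigation; $SampleMd5, Get-ExePath and Test-Entry are names chosen for this example.

```powershell
# Added triage check, not part of the Triage report above.
# Assumptions: elevated PowerShell on the host being investigated;
# $SampleMd5 is the MD5 listed in the report.
$SampleMd5 = '41be7aa210952457b9031be6e84ebf2d'

$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
$runRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic: legitimate Active Setup components and vendor Run entries rarely
# launch from AppData, Temp, or the user's Downloads/Desktop/Documents folders.
$userWritable = '(?i)\\(AppData|Temp|Users\\[^\\]+\\(Downloads|Desktop|Documents))\\'

function Get-ExePath([string]$cmd) {
    # Pull the executable out of a command line such as "C:\x\y.exe" /arg or C:\x\y.exe /arg.
    if ($cmd -match '^\s*"([^"]+)"')    { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    if ($cmd -match '^\s*(\S+\.exe)')   { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return $null
}

function Test-Entry([string]$location, [string]$key, [string]$cmd) {
    # Hash the target file (if it still exists) and decide whether the entry deserves a look.
    $exe = Get-ExePath $cmd
    $md5 = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $md5 = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash.ToLower()
    }
    [pscustomobject]@{
        Location   = $location
        Key        = $key
        Command    = $cmd
        MD5        = $md5
        Suspicious = ($cmd -match $userWritable) -or ($md5 -eq $SampleMd5)
    }
}

$findings = @()

# Active Setup: one subkey per component GUID; StubPath runs once per user at logon.
foreach ($root in $activeSetupRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $stub = (Get-ItemProperty -LiteralPath $sub.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) { $findings += Test-Entry 'ActiveSetup' $sub.PSChildName $stub }
    }
}

# Run / RunOnce: each value name maps to a command line.
foreach ($root in $runRoots) {
    if (-not (Test-Path $root)) { continue }
    $props = Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        $findings += Test-Entry 'Run' "$root\$($p.Name)" "$($p.Value)"
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

The MD5 comparison is the only hard indicator here; the path heuristic will also surface legitimate per-user software, so treat a Suspicious=True row as a lead to verify (signature, publisher, creation time) rather than a verdict. Run it for each user profile you care about, since HKCU only covers the current user.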
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 2
Active Setup (T1547.014): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 2
Active Setup (T1547.014): 1
Registry Run Keys / Startup Folder (T1547.001): 1