General
-
Target
JaffaCakes118_4a693446792b675dc1a696243daf2a69
-
Size
273KB
-
Sample
250128-nn4myazpfm
-
MD5
4a693446792b675dc1a696243daf2a69
-
SHA1
e511470874a395fe62a41a3187cb1d99efdb2c7f
-
SHA256
3ec87973043ab21052720fad3e265056f2116be61faeae99cc7418a07e2c5c1a
-
SHA512
1ee0f1968699250d2ea151bcabcd2f76a963629b4b7a14af5c3541ddf528e7e820cffceecedc027e466903c710aee6ff630d3cec9136196b45c7bf3a33ca27fd
-
SSDEEP
6144:BcnJi3YZeeoLPhqdVO0FP5tvPywCRooB52kzfbvQxh9vppH6bp:ObeeVBFP3vPxCRB5bbvEpH6bp
Behavioral task
behavioral1
Sample
JaffaCakes118_4a693446792b675dc1a696243daf2a69.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)