General
-
Target
JaffaCakes118_c5bac479c0660eb1daaf288964780811
-
Size
65KB
-
Sample
250208-wgkv9aymgj
-
MD5
c5bac479c0660eb1daaf288964780811
-
SHA1
39cdf50066aef61acba061188f8d81f0f166c00a
-
SHA256
14e3f297d712ed8110e276a6f1ab54b593dc1064eff8a795670b5d09cf49ad98
-
SHA512
43837281ebde3759b86186f90347c3c89f65bbaa95695e79b09b9b712943ae3f6cc70a584019eb94d96e7204a98d81bedec2f4016163a208eccb3122e7d4a528
-
SSDEEP
768:W8m1Sq4NQErBsH1tzoisBKQI6dObAG/dqOXHsoAx5JXrUqLOY0pYKnA+7PoNw8zM:ksq+QV4rObAdNoAf5UqiYmlArNwMoF5
Malware Config
Extracted
xtremerat
wer99.no-ip.org
Targets
-
-
Target
JaffaCakes118_c5bac479c0660eb1daaf288964780811
-
Size
65KB
-
MD5
c5bac479c0660eb1daaf288964780811
-
SHA1
39cdf50066aef61acba061188f8d81f0f166c00a
-
SHA256
14e3f297d712ed8110e276a6f1ab54b593dc1064eff8a795670b5d09cf49ad98
-
SHA512
43837281ebde3759b86186f90347c3c89f65bbaa95695e79b09b9b712943ae3f6cc70a584019eb94d96e7204a98d81bedec2f4016163a208eccb3122e7d4a528
-
SSDEEP
768:W8m1Sq4NQErBsH1tzoisBKQI6dObAG/dqOXHsoAx5JXrUqLOY0pYKnA+7PoNw8zM:ksq+QV4rObAdNoAf5UqiYmlArNwMoF5
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1