General
-
Target
JaffaCakes118_e9f580124e591f15b01cbad52dd2b6b1
-
Size
370KB
-
Sample
250211-y4wmdayqcm
-
MD5
e9f580124e591f15b01cbad52dd2b6b1
-
SHA1
365456e0a37470985b0ab3de2a336cf2f1fcaeee
-
SHA256
2ebd28e1e6f610f3fd34887bec214b9db28ad1f8d3ef2f62392f219096821fc8
-
SHA512
0c26253464357a6b644ecd7d7ea7b40dab4c592b960eed682bb3455751971f99cdcc54b1b08069a007dd398803401c64b8d68bf68a9c3efd742d88a487ae191c
-
SSDEEP
6144:ffQcfR5nKoS4DZ3A+E0I8IQB2vI1CDitFuZtzzk7fPxSnyVNck/iPJgsROBevh+6:rKoS493ACIl7vI1kiqHNnyVek/a4QmHg
Malware Config
Targets
-
-
Target
JaffaCakes118_e9f580124e591f15b01cbad52dd2b6b1
-
Size
370KB
-
MD5
e9f580124e591f15b01cbad52dd2b6b1
-
SHA1
365456e0a37470985b0ab3de2a336cf2f1fcaeee
-
SHA256
2ebd28e1e6f610f3fd34887bec214b9db28ad1f8d3ef2f62392f219096821fc8
-
SHA512
0c26253464357a6b644ecd7d7ea7b40dab4c592b960eed682bb3455751971f99cdcc54b1b08069a007dd398803401c64b8d68bf68a9c3efd742d88a487ae191c
-
SSDEEP
6144:ffQcfR5nKoS4DZ3A+E0I8IQB2vI1CDitFuZtzzk7fPxSnyVNck/iPJgsROBevh+6:rKoS493ACIl7vI1kiqHNnyVek/a4QmHg
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1