General
-
Target
JaffaCakes118_b95558f4ad156875239e8e96c109eaf7
-
Size
65KB
-
Sample
250415-e8xwfsstct
-
MD5
b95558f4ad156875239e8e96c109eaf7
-
SHA1
593a2036754c3086b7bcd65f6a9d07ebd86af982
-
SHA256
38a1821065b4bb6a795931979792960a00f5a845a0f3d0e415d21ea6e787b7a8
-
SHA512
8ce6f218e95a067f6c83742bd77b39a4746b63fc3f9fc78bfe5abbfd109a3f6b104af9e2e08ed54fc279451eca5cfab79f4ce564696457a84bba8e46393c16f6
-
SSDEEP
768:i8m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnca/yyR+P2ujfGiZKPA+7Xoe:Qsq+QV4rObAdXWpf/y+7ozNwiXoP
Malware Config
Extracted
xtremerat
silent-hilll.no-ip.biz
Targets
-
-
Target
JaffaCakes118_b95558f4ad156875239e8e96c109eaf7
-
Size
65KB
-
MD5
b95558f4ad156875239e8e96c109eaf7
-
SHA1
593a2036754c3086b7bcd65f6a9d07ebd86af982
-
SHA256
38a1821065b4bb6a795931979792960a00f5a845a0f3d0e415d21ea6e787b7a8
-
SHA512
8ce6f218e95a067f6c83742bd77b39a4746b63fc3f9fc78bfe5abbfd109a3f6b104af9e2e08ed54fc279451eca5cfab79f4ce564696457a84bba8e46393c16f6
-
SSDEEP
768:i8m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnca/yyR+P2ujfGiZKPA+7Xoe:Qsq+QV4rObAdXWpf/y+7ozNwiXoP
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1