General
-
Target
ef79e995389c18d39a1f66d01dfd30de_JaffaCakes118
-
Size
173KB
-
Sample
240414-zl7scsga7z
-
MD5
ef79e995389c18d39a1f66d01dfd30de
-
SHA1
3a7e76d21358492de1888254d42d264f3b91b7cb
-
SHA256
a24e66145272a336325efcf80f5bf89134c9336475646676991a76a9f9a58484
-
SHA512
b0da3b5900bc43b5965df94e538ca6a8e702885df24c0954c0ade7c5ef10f8cf7482f25fd056f363684f7ea3129d93e8c0fbfd646b6bf4e5bb72ec402922b2fc
-
SSDEEP
3072:r1Cn0TCDQZLxo/hAuFfByDQZLxo/hAuFfBGo:rcnAMDuDE
Behavioral task
behavioral1
Sample
ef79e995389c18d39a1f66d01dfd30de_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ef79e995389c18d39a1f66d01dfd30de_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
ef79e995389c18d39a1f66d01dfd30de_JaffaCakes118
-
Size
173KB
-
MD5
ef79e995389c18d39a1f66d01dfd30de
-
SHA1
3a7e76d21358492de1888254d42d264f3b91b7cb
-
SHA256
a24e66145272a336325efcf80f5bf89134c9336475646676991a76a9f9a58484
-
SHA512
b0da3b5900bc43b5965df94e538ca6a8e702885df24c0954c0ade7c5ef10f8cf7482f25fd056f363684f7ea3129d93e8c0fbfd646b6bf4e5bb72ec402922b2fc
-
SSDEEP
3072:r1Cn0TCDQZLxo/hAuFfByDQZLxo/hAuFfBGo:rcnAMDuDE
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-