General
- Target: 085e89b8c2a49aa819549e372a82a456_JaffaCakes118
- Size: 628KB
- Sample: 240429-xezgasab5z
- MD5: 085e89b8c2a49aa819549e372a82a456
- SHA1: 844494e6e33fd48479b7509202a6fcbf43a0303e
- SHA256: 35cbc9343c28832d7bd8fca706ba5c8d68a9d3250b11346239c5c48432fbb332
- SHA512: e72de6ca5683eaee8800d31ce4dc427d6d5e9c5adc5bcab4728f83666b486eed0c17c445c930e22e109861535f65a765c2a957ff8d09d86e8513ea2fb5f0fd8b
- SSDEEP: 12288:Y2wm3VGxU4zxgc5E8k7xsfDdOjmVOAbbbbbb7nnnnnMhPhPhPhPhPhF:Pwm3Yxpz5nktI6mVfbbbbbb7nnnnnMhJ
Static task: static1
Behavioral task: behavioral1
- Sample: 085e89b8c2a49aa819549e372a82a456_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config (Extracted)
- xpertrat
- 3.0.10
- Test
- 140.82.57.249:3614
- N3S7K4V2-L8C6-M6Q5-Y5I3-V6L7F1Y2X5G0
Targets
- XpertRAT Core payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Program crash
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Scheduled Task/Job (1)