General
Target: 298d23c0ecd0b23b303eed58288e8209_JaffaCakes118
Size: 1.2MB
Sample: 240509-mm6kgafg75
MD5: 298d23c0ecd0b23b303eed58288e8209
SHA1: 7536e0937095311b8565adbadea597e99745d774
SHA256: 2ce70e3ec75c2e85928d0590e3d0909bd0fdb28600a5b3443a527d6560de01e6
SHA512: bb6766ac874e69d8a37575ffa5e450724b638e82c1e9316bb58f2252d1d047e450686c27c4549e17e19ed5d66207997bff1b0ed2b06a58f9c343785acaf85bb8
SSDEEP: 3072:gG5yzbGfgyr9z+zyC5yQDVeImFoOS042ywxsaH2+MgsVIVzn0f+CD:AbCRz++OMIgmSzBsyVgf9
Static task: static1
Behavioral task: behavioral1
Sample: 298d23c0ecd0b23b303eed58288e8209_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Extracted
xpertrat
3.0.10
Group
46.183.220.104:10101
K8P3I007-I4G2-R2U0-V0G8-T1Q3K5W771L5
Targets
Target: 298d23c0ecd0b23b303eed58288e8209_JaffaCakes118
Size: 1.2MB
MD5: 298d23c0ecd0b23b303eed58288e8209
SHA1: 7536e0937095311b8565adbadea597e99745d774
SHA256: 2ce70e3ec75c2e85928d0590e3d0909bd0fdb28600a5b3443a527d6560de01e6
SHA512: bb6766ac874e69d8a37575ffa5e450724b638e82c1e9316bb58f2252d1d047e450686c27c4549e17e19ed5d66207997bff1b0ed2b06a58f9c343785acaf85bb8
SSDEEP: 3072:gG5yzbGfgyr9z+zyC5yQDVeImFoOS042ywxsaH2+MgsVIVzn0f+CD:AbCRz++OMIgmSzBsyVgf9

Signatures:
- XpertRAT Core payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext