General
-
Target
09af6af8414796014eadbaf0c7e51299_JaffaCakes118
-
Size
265KB
-
Sample
240624-varjsaselh
-
MD5
09af6af8414796014eadbaf0c7e51299
-
SHA1
5b2b4d6a2085467da0305fc4d86e994a1e595ff5
-
SHA256
167d8b5e0392d57036e84f7bf0a11b4eb65b375a748d9a1577b41bbcd09e5a4f
-
SHA512
a90e218edc60741245cb15019a3cfd940ccec9052e5136c7da0f5f6e8c80ce631268d2440f44663575016352932015ac780bce1525d54bcb53d987dfd95a9b43
-
SSDEEP
6144:QTsztutahaAz4PIrX+LieeVRegtjU8Lcsaesxwrq:QTQtutBAcPpeVRegZU8Arl
Static task
static1
Behavioral task
behavioral1
Sample
09af6af8414796014eadbaf0c7e51299_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
09af6af8414796014eadbaf0c7e51299_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-