General
-
Target
3682ae69d86e795178c38cdcd7f5f4d9_JaffaCakes118
-
Size
148KB
-
Sample
240710-1lb65atfqh
-
MD5
3682ae69d86e795178c38cdcd7f5f4d9
-
SHA1
ad6216738133a8bd746930fab9f31b8ed95d1c00
-
SHA256
e6775fe9d0bb612dd40712b634cb7782371f3fb3a27dc594ad2a8d2d1b93727c
-
SHA512
3fc49bb7e9fb9341ceed17df3c6ebb663fb2f0f0b26734fc40e6b54fcc6b3d17a7d0d5207c4383c275dbaecb31215cbc6533b7376c792f7c9adf283512548371
-
SSDEEP
3072:wEjCFqdW7KeEwYJUZVaqB2fJJf8V1ere4HoahAuqYJX5mZtKzZH8W:wEjC4c7KeEwYJUZVa42zfKMvALYJkZtm
Static task
static1
Behavioral task
behavioral1
Sample
3682ae69d86e795178c38cdcd7f5f4d9_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
3682ae69d86e795178c38cdcd7f5f4d9_JaffaCakes118
-
Size
148KB
-
MD5
3682ae69d86e795178c38cdcd7f5f4d9
-
SHA1
ad6216738133a8bd746930fab9f31b8ed95d1c00
-
SHA256
e6775fe9d0bb612dd40712b634cb7782371f3fb3a27dc594ad2a8d2d1b93727c
-
SHA512
3fc49bb7e9fb9341ceed17df3c6ebb663fb2f0f0b26734fc40e6b54fcc6b3d17a7d0d5207c4383c275dbaecb31215cbc6533b7376c792f7c9adf283512548371
-
SSDEEP
3072:wEjCFqdW7KeEwYJUZVaqB2fJJf8V1ere4HoahAuqYJX5mZtKzZH8W:wEjC4c7KeEwYJUZVa42zfKMvALYJkZtm
-
Detect XtremeRAT payload
-
Modifies firewall policy service
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5