General

  • Target

    36d95acff50bf7b21647d45e463643cb_JaffaCakes118

  • Size

    103KB

  • Sample

    240710-3klehsydnb

  • MD5

    36d95acff50bf7b21647d45e463643cb

  • SHA1

    3a69087db0ffc35e233966885311ac943f8487ed

  • SHA256

    dff54f923175c0a3ba0510f126b86239e64afa711ade9329787daef695a6c662

  • SHA512

    b81442acb5c125c84657b77acd57a2f6a3da39f8fe8f73741b75d036b3dea36b039db5832a57cccdb4dbe5086ef9715c911bd0ed2cc1f9eb5710e5f79065f4f8

  • SSDEEP

    3072:ryRUZ7vA8UvX2O95Rs3vUvX2O95Rs3iloG:eqZ7o8UvX20i3vUvX20i3ilJ

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks