General
-
Target
37626a2cd49161c88c943e21538b3dd5_JaffaCakes118
-
Size
19KB
-
Sample
240711-c35b8swhja
-
MD5
37626a2cd49161c88c943e21538b3dd5
-
SHA1
1369a881ff7005b3a2ca74a26c573964a38886d5
-
SHA256
7800d0e27458768ae189fb2591035d61995973b2805b1efc70f2cd2dc14cc56d
-
SHA512
66ca53b7cdf8411047d572f867e7fe8cf6614bb9aa05d37fcd592c9f4fdd425a23b10490de2ec6c37d1b7380698ec4cb3c134ef6b8779b9e4068b1becff65af6
-
SSDEEP
384:wYHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSpdo0eoNdoc7R:SZfuHUvwDKP6kMp6dxtNaW
Behavioral task
behavioral1
Sample
37626a2cd49161c88c943e21538b3dd5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
37626a2cd49161c88c943e21538b3dd5_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
37626a2cd49161c88c943e21538b3dd5_JaffaCakes118
-
Size
19KB
-
MD5
37626a2cd49161c88c943e21538b3dd5
-
SHA1
1369a881ff7005b3a2ca74a26c573964a38886d5
-
SHA256
7800d0e27458768ae189fb2591035d61995973b2805b1efc70f2cd2dc14cc56d
-
SHA512
66ca53b7cdf8411047d572f867e7fe8cf6614bb9aa05d37fcd592c9f4fdd425a23b10490de2ec6c37d1b7380698ec4cb3c134ef6b8779b9e4068b1becff65af6
-
SSDEEP
384:wYHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSpdo0eoNdoc7R:SZfuHUvwDKP6kMp6dxtNaW
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-