General

  • Target

    37626a2cd49161c88c943e21538b3dd5_JaffaCakes118

  • Size

    19KB

  • Sample

    240711-c35b8swhja

  • MD5

    37626a2cd49161c88c943e21538b3dd5

  • SHA1

    1369a881ff7005b3a2ca74a26c573964a38886d5

  • SHA256

    7800d0e27458768ae189fb2591035d61995973b2805b1efc70f2cd2dc14cc56d

  • SHA512

    66ca53b7cdf8411047d572f867e7fe8cf6614bb9aa05d37fcd592c9f4fdd425a23b10490de2ec6c37d1b7380698ec4cb3c134ef6b8779b9e4068b1becff65af6

  • SSDEEP

    384:wYHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSpdo0eoNdoc7R:SZfuHUvwDKP6kMp6dxtNaW

Malware Config

Targets

    • Target

      37626a2cd49161c88c943e21538b3dd5_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup runs the StubPath command of each component listed under HKLM\Software\Microsoft\Active Setup\Installed Components once per user at logon, so the implant is started in every user's session.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks