General

  • Target

    37d31edcc158a99c21501401c48c3aca_JaffaCakes118

  • Size

    96KB

  • Sample

    240711-fvvdva1apk

  • MD5

    37d31edcc158a99c21501401c48c3aca

  • SHA1

    c57261dafbd923838f714967c622e1be2448d7da

  • SHA256

    1507ee7a997e7b28e9a830d4e0b68d29394135639e5ce1246e8b906d43d0951a

  • SHA512

    4a3f7683a438a5f024a5153915e359f9bc9fb5dbc75b8de91f0e8d28c7f1d14fd10a5ffbbb2dc53c9bda05f13d94c72006bff8861d1edc2f79f8ebeaee6c2be9

  • SSDEEP

    768:4V/4IVzt2p59SweTxdfyQEkTYCtgBlMWveBBo4AWd+jpkUUkBBw64D+gFX+v+x:+h3FTDtpp9AWdYpEkBP4BF/x

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15