General
-
Target
38d6c9d7563367e8e1b3d4ff7f513aea_JaffaCakes118
-
Size
127KB
-
Sample
240711-m3qtystcnq
-
MD5
38d6c9d7563367e8e1b3d4ff7f513aea
-
SHA1
13c67bffe694f1bfc3a52f6bb644460187fe9acb
-
SHA256
988f4d7d0da7ce5c6e34856e943a5e67d524549b7d81b0339203bdcc1af3f8a4
-
SHA512
0dbf16705f756bea0f3e62b3852c65e8432e8b7420c1f0b24b9d4fa4816ebb41099a9571dbc87834ce3fa905ce9a5e1509a9c754b07101f6084d4078a548a506
-
SSDEEP
1536:nen0R5RqQjGcaJ12RuAl+dJSCJLU+fb/oWVKXKiIgOkQ7163DUhE:p5ZjGn12/lSjJnbw6KX/DOJQYhE
Static task
static1
Behavioral task
behavioral1
Sample
38d6c9d7563367e8e1b3d4ff7f513aea_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
38d6c9d7563367e8e1b3d4ff7f513aea_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
38d6c9d7563367e8e1b3d4ff7f513aea_JaffaCakes118
-
Size
127KB
-
MD5
38d6c9d7563367e8e1b3d4ff7f513aea
-
SHA1
13c67bffe694f1bfc3a52f6bb644460187fe9acb
-
SHA256
988f4d7d0da7ce5c6e34856e943a5e67d524549b7d81b0339203bdcc1af3f8a4
-
SHA512
0dbf16705f756bea0f3e62b3852c65e8432e8b7420c1f0b24b9d4fa4816ebb41099a9571dbc87834ce3fa905ce9a5e1509a9c754b07101f6084d4078a548a506
-
SSDEEP
1536:nen0R5RqQjGcaJ12RuAl+dJSCJLU+fb/oWVKXKiIgOkQ7163DUhE:p5ZjGn12/lSjJnbw6KX/DOJQYhE
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-