General

  • Target

    3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118

  • Size

    156KB

  • Sample

    240712-ncrt1a1cpj

  • MD5

    3d25e80b64d1dd0c061c0be6925e07b0

  • SHA1

    5a4da987c2e84fb56157a2ba98e1ae3f5773e2e3

  • SHA256

    59f28cb7d5408ae079bd1512d502d284ff715e50d7c47f5397ca7b166e29c13b

  • SHA512

    019f8c86aad646ed00d55b43a78cbbdb2c751fd1489c02fb5485337552180f24db5785d63ef0a51a25b4f06f93c50bfba4da846c53e9f4a5cfe1d4d2688808bf

  • SSDEEP

    3072:bSX+3bsc5WngyfPdLZhFSgWf1DwRJi+SVmsdXKwW7oZoRD68wbwxG:4+rsc5YXLhcg2a8rmsd6we7D68ww

Targets

    • Target

      3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
