General

  • Target

    3e89f00f3e01cba36d843b1fbd1b06bd_JaffaCakes118

  • Size

    40KB

  • Sample

    240712-xwcnvsyena

  • MD5

    3e89f00f3e01cba36d843b1fbd1b06bd

  • SHA1

    61540f6c1de3af8693c137c0949e556809e57bf1

  • SHA256

    b823469fa93bda4ff40d34c3368e58710c9378de6a1416648fb1b9a8f64d408b

  • SHA512

    fef8e58f88dd585d73f4db365bc49825f5aa4cb95bcaf1b8971288f3079aacd4e0c4afc1903ea7f1f075703a3f72aa40df2218749b69116f248c9ba1478afb59

  • SSDEEP

    768:sE9hghdN12Ozhiow2Gkm6+c3/pBzNBwIld8zoQ4:su+zMOlw2GkmS3/BldMoQ4

Malware Config

Targets

    • Target

      3e89f00f3e01cba36d843b1fbd1b06bd_JaffaCakes118

    • Size

      40KB

    • MD5

      3e89f00f3e01cba36d843b1fbd1b06bd

    • SHA1

      61540f6c1de3af8693c137c0949e556809e57bf1

    • SHA256

      b823469fa93bda4ff40d34c3368e58710c9378de6a1416648fb1b9a8f64d408b

    • SHA512

      fef8e58f88dd585d73f4db365bc49825f5aa4cb95bcaf1b8971288f3079aacd4e0c4afc1903ea7f1f075703a3f72aa40df2218749b69116f248c9ba1478afb59

    • SSDEEP

      768:sE9hghdN12Ozhiow2Gkm6+c3/pBzNBwIld8zoQ4:su+zMOlw2GkmS3/BldMoQ4

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks