General

Target: 40030304ef63db29a774700e7b82273f_JaffaCakes118
Size: 224KB
Sample: 240713-d1d8pstemj
MD5: 40030304ef63db29a774700e7b82273f
SHA1: a2f07e9a2c4f0c1654fcb507e987bba10172af4a
SHA256: 396ac5f9a7940fddfe6c13b3f260ffd7b955ad93bbff9e457606c8f5afe49136
SHA512: 5f3408436aeed482551771f79a3342c92523ef59397d211010badad920ae400b3f9e51a54d82492378e6f2c724c3092923735a38a94404274063f61386369543
SSDEEP: 6144:PdnhnCuKCme7IvVv60nFETpFsMmKAae0du:PdhCnveEvVi+ETpFpmKAae0du
Behavioral task: behavioral1
Sample: 40030304ef63db29a774700e7b82273f_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 40030304ef63db29a774700e7b82273f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: 40030304ef63db29a774700e7b82273f_JaffaCakes118
Score: 10/10
Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext