General
Target: 40020b7c69cc84dac00697e720c7ef8d_JaffaCakes118
Size: 1.2MB
Sample: 240713-dzkzvswdla
MD5: 40020b7c69cc84dac00697e720c7ef8d
SHA1: 5b51d8ee1929af09341ce0e50666ae777e3c543a
SHA256: a20ad6966e6cf97609eb304746247015166d0ae40f6399f2e7e6b3ad4eb7f475
SHA512: 6009f17c095259cbd8d591a71a354d22cd42bdeb78b3d24c694fcab0c4dc0f1852c3385539e585f92abcad8917f4d69a88a920d7227ea3162ba7a5176942e6bf
SSDEEP: 24576:KthEVaPqLfsxcjm2qJYlDF6mkpD6p4Yu9M5YyAbLmda9Ns:iEVUcEcmqDipOp4wAb6dYC
Behavioral task: behavioral1
Sample: 40020b7c69cc84dac00697e720c7ef8d_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 40020b7c69cc84dac00697e720c7ef8d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Drops startup file
Executes dropped EXE
Loads dropped DLL
AutoIT Executable: AutoIT scripts compiled to PE executables.