General

  • Target

    40020b7c69cc84dac00697e720c7ef8d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240713-dzkzvswdla

  • MD5

    40020b7c69cc84dac00697e720c7ef8d

  • SHA1

    5b51d8ee1929af09341ce0e50666ae777e3c543a

  • SHA256

    a20ad6966e6cf97609eb304746247015166d0ae40f6399f2e7e6b3ad4eb7f475

  • SHA512

    6009f17c095259cbd8d591a71a354d22cd42bdeb78b3d24c694fcab0c4dc0f1852c3385539e585f92abcad8917f4d69a88a920d7227ea3162ba7a5176942e6bf

  • SSDEEP

    24576:KthEVaPqLfsxcjm2qJYlDF6mkpD6p4Yu9M5YyAbLmda9Ns:iEVUcEcmqDipOp4wAb6dYC

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
