General
Target: 409e08ff7bc1662537fab0ace3c71447_JaffaCakes118
Size: 19KB
Sample: 240713-hlwawsseqa
MD5: 409e08ff7bc1662537fab0ace3c71447
SHA1: 21e211bfa224bbb9d0c7ed7605bad23fd16fc3e4
SHA256: 9fd8a7c0202c5e4ebdef7c5ea00ea19c564a4758682060985c473b3ff0e821bb
SHA512: 61cda1f790662baa3754a539711bfc7737aefe6e23cecd0dc18a0e4e52b264a9daaa59154ebf93312d508f41011b11c35066cc9111e1ace40e0fd521e0fd63e2
SSDEEP: 384:8PHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSSGuw+yOXeQ7R:lZfuHUvwDKP6kMpjGuryZy
Behavioral task: behavioral1
Sample: 409e08ff7bc1662537fab0ace3c71447_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 409e08ff7bc1662537fab0ace3c71447_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Targets
Target: 409e08ff7bc1662537fab0ace3c71447_JaffaCakes118
Size: 19KB
MD5: 409e08ff7bc1662537fab0ace3c71447
SHA1: 21e211bfa224bbb9d0c7ed7605bad23fd16fc3e4
SHA256: 9fd8a7c0202c5e4ebdef7c5ea00ea19c564a4758682060985c473b3ff0e821bb
SHA512: 61cda1f790662baa3754a539711bfc7737aefe6e23cecd0dc18a0e4e52b264a9daaa59154ebf93312d508f41011b11c35066cc9111e1ace40e0fd521e0fd63e2
SSDEEP: 384:8PHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSSGuw+yOXeQ7R:lZfuHUvwDKP6kMpjGuryZy
Score: 10/10

Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<component>). The command in that key's StubPath value is executed at the next logon of every user whose HKCU copy of the component key is missing or carries an older Version, so a single machine-level write yields execution in each user's context. (MITRE ATT&CK T1547.014)

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check. The signature only records the lookup; whether the sample changes behaviour based on the result is not established by this signature alone.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
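The two persistence signatures in this report (Active Setup and a Run key) can be hunted for on a host after the fact. The PowerShell below is an added example written for this page; it is not part of the sandbox report and not the sample's own code. It assumes the standard Active Setup and Run/RunOnce locations, since the report does not say which key or value the sample created, and the "trusted directory" heuristic together with the Test-SuspiciousCommand and Get-CommandExecutable helpers are the editor's own.

```powershell
# Added example, not from the sandbox report: hunt for the two persistence
# mechanisms the report flags (Active Setup and Run keys) on a live Windows host.
# Run from an elevated PowerShell session. The registry roots below are the
# standard locations; the report does not state which exact value the sample wrote.

$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
$runRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Autostart commands are normally expected to live under these directories.
# Anything else (user profile, %TEMP%, %APPDATA%, ProgramData) is flagged for
# review; "flagged" means "look at it", not "malicious". Heuristic is assumed.
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }

function Get-CommandExecutable {
    # Extract the executable path from an autostart command line. Quoted paths
    # are handled; an unquoted path containing spaces is cut at the first space,
    # the same ambiguity Windows itself has with such values.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+', 2)[0]
}

function Test-SuspiciousCommand {
    # True when the command's executable is outside the trusted directories.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandExecutable $Command)).ToLowerInvariant()
    foreach ($d in $trustedDirs) {
        if ($exe.StartsWith($d)) { return $false }
    }
    return $true
}

$findings = @()

# Active Setup: at logon Windows runs a component's StubPath when the user's
# HKCU copy of the component key is missing or has a lower Version than HKLM,
# unless IsInstalled is 0. Comparing Version for inequality slightly
# over-approximates "lower", which is the safe direction for a hunt.
$userRoot = 'HKCU:\Software\Microsoft\Active Setup\Installed Components'
foreach ($root in $activeSetupRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props = Get-ItemProperty $key.PSPath
        if (-not $props.StubPath) { continue }
        if ($props.IsInstalled -eq 0) { continue }
        $userKey = Join-Path $userRoot $key.PSChildName
        $userVer = if (Test-Path $userKey) { (Get-ItemProperty $userKey).Version } else { $null }
        $findings += [pscustomobject]@{
            Source         = 'ActiveSetup'
            Location       = $key.Name
            Command        = $props.StubPath
            WillRunAtLogon = (-not $userVer) -or ($userVer -ne $props.Version)
            Suspicious     = Test-SuspiciousCommand $props.StubPath
        }
    }
}

# Run / RunOnce: every value under the key is a command line.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($root in $runRoots) {
    if (-not (Test-Path $root)) { continue }
    $props = Get-ItemProperty $root
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psNoise) { continue }   # properties PowerShell adds, not registry values
        $findings += [pscustomobject]@{
            Source         = 'Run'
            Location       = "$root\$($p.Name)"
            Command        = [string]$p.Value
            WillRunAtLogon = $true
            Suspicious     = Test-SuspiciousCommand ([string]$p.Value)
        }
    }
}

$findings | Sort-Object Suspicious, WillRunAtLogon -Descending | Format-Table -AutoSize -Wrap
```

The HKCU checks only cover the user running the script; for a multi-user host, load the other users' NTUSER.DAT hives (reg load) and repeat the HKCU portion against them, and treat any Active Setup entry with WillRunAtLogon set to true and a StubPath outside the system directories as the first thing to pull for analysis.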