General

  • Target

    409e08ff7bc1662537fab0ace3c71447_JaffaCakes118

  • Size

    19KB

  • Sample

    240713-hlwawsseqa

  • MD5

    409e08ff7bc1662537fab0ace3c71447

  • SHA1

    21e211bfa224bbb9d0c7ed7605bad23fd16fc3e4

  • SHA256

    9fd8a7c0202c5e4ebdef7c5ea00ea19c564a4758682060985c473b3ff0e821bb

  • SHA512

    61cda1f790662baa3754a539711bfc7737aefe6e23cecd0dc18a0e4e52b264a9daaa59154ebf93312d508f41011b11c35066cc9111e1ace40e0fd521e0fd63e2

  • SSDEEP

    384:8PHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSSGuw+yOXeQ7R:lZfuHUvwDKP6kMpjGuryZy

Malware Config

Targets

    • Target

      409e08ff7bc1662537fab0ace3c71447_JaffaCakes118

    • Size

      19KB

    • MD5

      409e08ff7bc1662537fab0ace3c71447

    • SHA1

      21e211bfa224bbb9d0c7ed7605bad23fd16fc3e4

    • SHA256

      9fd8a7c0202c5e4ebdef7c5ea00ea19c564a4758682060985c473b3ff0e821bb

    • SHA512

      61cda1f790662baa3754a539711bfc7737aefe6e23cecd0dc18a0e4e52b264a9daaa59154ebf93312d508f41011b11c35066cc9111e1ace40e0fd521e0fd63e2

    • SSDEEP

      384:8PHKZfuH87GowDqGoMwevqxP6k6zIDwPVBSSGuw+yOXeQ7R:lZfuHUvwDKP6kMpjGuryZy

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks