General

  • Target

    413c266668e58de2454bee8eb31cf380_JaffaCakes118

  • Size

    21KB

  • Sample

    240713-l58l4swgjm

  • MD5

    413c266668e58de2454bee8eb31cf380

  • SHA1

    b1b10a2a2b4326e261cea47bc63c662aeec574a6

  • SHA256

    45ae3f9ebf6a2fdd8e83eb7d7b414ad2c5a4ddc15c9ca292050c2882cdee9bd6

  • SHA512

    5242c255ce331a4535203adb362f6b6d77a559d9c4018ecd12fcf7890dc9f7dbe50ef66449af559a3cd5bbabb21001244f06fa7f37356b1aaba77232dad9be64

  • SSDEEP

    384:rIIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlFpQ4B7BWO7wi9pLR:8IsF81fG9QveLOYTe5YiPpQcko

Targets

    • Target

      413c266668e58de2454bee8eb31cf380_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a registry key to the Active Setup of the local machine. Active Setup runs the StubPath command of each subkey under HKLM\Software\Microsoft\Active Setup\Installed Components once per user at logon, so a StubPath pointing at a dropped executable is re-run for every new user session.

    • Checks computer location settings

      Looks up the country code configured in the registry (Windows keeps it under HKCU\Control Panel\International), likely to geofence execution to or away from particular regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it (modified builds often rename the UPX0/UPX1 sections and strip the "UPX!" marker).

    • Adds Run key to start application
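The persistence and location-check signatures above (Run key, Active Setup StubPath, country-code lookup) can be reproduced as rules over a sandbox's registry event stream. The script below is an added example written for this page, not tooling from the sandbox or from the report; the event lines, the GUID, the value names and the file paths in SAMPLE_EVENTS are constructed, and the "<pid> <operation> <key path>[ = <data>]" line format is an assumption about how such events might be exported.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    pid: int
    technique: str   # MITRE ATT&CK technique ID
    signature: str   # name in the style of the report's signature list
    path: str        # registry path that triggered the rule


# Constructed sandbox-style registry events; illustrative, not taken from the
# report. Format: "<pid> <operation> <key path>[ = <data>]". The GUID, value
# names and file paths are made up.
SAMPLE_EVENTS = r"""
1234 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU Updater = C:\Users\user\AppData\Roaming\svchost.exe
1234 RegCreateKey HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5A6B7C8D-0000-0000-0000-000000000001}
1234 RegSetValue HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5A6B7C8D-0000-0000-0000-000000000001}\StubPath = C:\Users\user\AppData\Roaming\svchost.exe restart
1234 RegQueryValue HKCU\Control Panel\International\sCountry = United States
1234 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData = C:\Users\user\AppData\Roaming
"""

# Key paths may contain spaces, so the path is matched lazily up to an
# optional " = <data>" suffix.
EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<path>.+?)(?:\s=\s(?P<data>.*))?$")

# Persistence: a value written under a Run/RunOnce key (T1547.001).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
# Persistence: a StubPath value under Active Setup\Installed Components (T1547.014).
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I)
# Discovery: reading the configured country/locale, a common geofence check (T1614).
LOCATION_RE = re.compile(r"\\Control Panel\\International\\(?:sCountry|iCountry|LocaleName)$", re.I)

RULES = (
    ("RegSetValue", RUN_KEY_RE, "T1547.001", "Adds Run key to start application"),
    ("RegSetValue", ACTIVE_SETUP_RE, "T1547.014", "Boot or Logon Autostart Execution: Active Setup"),
    ("RegQueryValue", LOCATION_RE, "T1614", "Checks computer location settings"),
)


def parse_event(line):
    """Split one event line into (pid, op, path, data); data is None if absent."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return int(m["pid"]), m["op"], m["path"], m["data"]


def scan_events(text):
    """Run every rule over every event and return the matching Findings in order."""
    findings = []
    for line in text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        pid, op, path, _data = parsed
        for rule_op, pattern, technique, signature in RULES:
            if op == rule_op and pattern.search(path):
                findings.append(Finding(pid, technique, signature, path))
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.technique} {f.signature}: {f.path}")
```

The rules key on the operation as well as the path: creating the Installed Components subkey alone is not flagged, only the StubPath write that makes it executable, and the Shell Folders lookup is ignored so that ordinary path resolution does not trip the location rule.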
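The "UPX packed file" signature above can be checked by hand from the PE section table. The script below is an added example written for this page, not code from the sandbox or from the report: it parses the section headers with the standard library, flags the stock UPX0/UPX1 section names and the "UPX!" marker, and also applies the heuristic that survives a modified UPX build with renamed sections (a first section with virtual size but no raw data on disk). The PE images it analyses are synthetic, built by build_pe for the example; no real sample is embedded.

```python
import struct

DOS_HEADER_LEN = 0x40      # e_lfanew lives at offset 0x3C of the DOS header
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40


def parse_sections(data):
    """Return [(name, virtual_size, raw_size), ...] from a PE image's section table."""
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_LEN + size_of_optional
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, ...
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * SECTION_HEADER_LEN)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data):
    """Return a list of reasons the image looks UPX-packed (empty if none)."""
    sections = parse_sections(data)
    names = [s[0] for s in sections]
    hits = []
    if any(n.startswith("UPX") for n in names):
        hits.append("UPX section names: " + ", ".join(names))
    # UPX0 is the region the stub unpacks into: large virtual size, no bytes on
    # disk. This survives the section renaming that modified UPX builds do.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has no raw data but virtual size 0x%x" % sections[0][1])
    if b"UPX!" in data:
        hits.append("'UPX!' marker present")
    return hits


def build_pe(sections, trailer=b""):
    """Build a minimal synthetic PE (constructed for this example; not a real sample)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", DOS_HEADER_LEN)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0xE0 (PE32), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    optional = b"\0" * 0xE0
    table = b""
    for name, vsize, rsize in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, then 16 zero bytes
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", vsize, 0, rsize, 0) + b"\0" * 16
    return dos + b"PE\0\0" + coff + optional + table + trailer


# Constructed section layouts: a stock UPX build, a modified build with renamed
# sections and no marker, and an unpacked image.
UPX_SECTIONS = [("UPX0", 0x10000, 0), ("UPX1", 0x5000, 0x4800), (".rsrc", 0x1000, 0x200)]
RENAMED_SECTIONS = [(".text", 0x10000, 0), (".data", 0x5000, 0x4800), (".rsrc", 0x1000, 0x200)]
PLAIN_SECTIONS = [(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)]

if __name__ == "__main__":
    for label, secs, trailer in (("stock UPX", UPX_SECTIONS, b"UPX!"),
                                 ("renamed", RENAMED_SECTIONS, b""),
                                 ("plain", PLAIN_SECTIONS, b"")):
        print(label, upx_indicators(build_pe(secs, trailer)))
```

To use it on a file, pass the bytes read from disk to upx_indicators; only the section-layout heuristic fires on a stripped or renamed build, so treat a single hit as a prompt to look further rather than as proof of packing.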

MITRE ATT&CK Enterprise v15