General
-
Target
413c266668e58de2454bee8eb31cf380_JaffaCakes118
-
Size
21KB
-
Sample
240713-l58l4swgjm
-
MD5
413c266668e58de2454bee8eb31cf380
-
SHA1
b1b10a2a2b4326e261cea47bc63c662aeec574a6
-
SHA256
45ae3f9ebf6a2fdd8e83eb7d7b414ad2c5a4ddc15c9ca292050c2882cdee9bd6
-
SHA512
5242c255ce331a4535203adb362f6b6d77a559d9c4018ecd12fcf7890dc9f7dbe50ef66449af559a3cd5bbabb21001244f06fa7f37356b1aaba77232dad9be64
-
SSDEEP
384:rIIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlFpQ4B7BWO7wi9pLR:8IsF81fG9QveLOYTe5YiPpQcko
Behavioral task
behavioral1
Sample
413c266668e58de2454bee8eb31cf380_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
413c266668e58de2454bee8eb31cf380_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
413c266668e58de2454bee8eb31cf380_JaffaCakes118
-
Size
21KB
-
MD5
413c266668e58de2454bee8eb31cf380
-
SHA1
b1b10a2a2b4326e261cea47bc63c662aeec574a6
-
SHA256
45ae3f9ebf6a2fdd8e83eb7d7b414ad2c5a4ddc15c9ca292050c2882cdee9bd6
-
SHA512
5242c255ce331a4535203adb362f6b6d77a559d9c4018ecd12fcf7890dc9f7dbe50ef66449af559a3cd5bbabb21001244f06fa7f37356b1aaba77232dad9be64
-
SSDEEP
384:rIIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlFpQ4B7BWO7wi9pLR:8IsF81fG9QveLOYTe5YiPpQcko
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-