General

  • Target

    4e37ab571936b37c635cef9ccebd2a56_JaffaCakes118

  • Size

    19KB

  • Sample

    240716-n61c8sthkb

  • MD5

    4e37ab571936b37c635cef9ccebd2a56

  • SHA1

    2a92de9162f8a30a5302c20a23a9c859c5eacae4

  • SHA256

    7ff41914ce45d82f7c921e5377c517f8b065a938dab1812a29bda801c9dfa45f

  • SHA512

    81456cb9e2a130a8fc7911024deac2c3a8153e02e9a1cf1c70107edc37b6deab6d9115e11ec460dd1304a8bc9cc61a433c42bcaa885f5d3a8789102b722fca71

  • SSDEEP

    384:3HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSAbPYnf62Y7R:aZfuHUvwDKP6kMpVbgnf69

Targets

    • Target

      4e37ab571936b37c635cef9ccebd2a56_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
