General
Target: 4e37ab571936b37c635cef9ccebd2a56_JaffaCakes118
Size: 19KB
Sample: 240716-n61c8sthkb
MD5: 4e37ab571936b37c635cef9ccebd2a56
SHA1: 2a92de9162f8a30a5302c20a23a9c859c5eacae4
SHA256: 7ff41914ce45d82f7c921e5377c517f8b065a938dab1812a29bda801c9dfa45f
SHA512: 81456cb9e2a130a8fc7911024deac2c3a8153e02e9a1cf1c70107edc37b6deab6d9115e11ec460dd1304a8bc9cc61a433c42bcaa885f5d3a8789102b722fca71
SSDEEP: 384:3HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSAbPYnf62Y7R:aZfuHUvwDKP6kMpVbgnf69
Behavioral task: behavioral1
Sample: 4e37ab571936b37c635cef9ccebd2a56_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4e37ab571936b37c635cef9ccebd2a56_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application