General

- Target: 4efd834d2514f0f58b7040266d2dc128_JaffaCakes118
- Size: 236KB
- Sample: 240716-s7dyvazbpl
- MD5: 4efd834d2514f0f58b7040266d2dc128
- SHA1: e7dcaabdcb2a16c675a29ca9dd68350b9169947a
- SHA256: 5acb858814052cd5bb85916bbe76330c8225c9df807d362e82d0ab51cb75c462
- SHA512: 5a7671e9d45422173fd902082caeadd1bf610bfa474c97c2b31b1363be79838cd94f45271abb17e5464d7825bc01e682fe89ee2e4e281595229e53d9310e0617
- SSDEEP: 1536:xuCgbVjVm20c/7AsFmQrK3KkpDMfrO91dFwvK:xFgw20c/7AsxrUlf1dWv
Static task

- static1

Behavioral task

- behavioral1
  - Sample: 4efd834d2514f0f58b7040266d2dc128_JaffaCakes118.exe
  - Resource: win7-20240708-en

Behavioral task

- behavioral2
  - Sample: 4efd834d2514f0f58b7040266d2dc128_JaffaCakes118.exe
  - Resource: win10v2004-20240709-en
Malware Config

Targets

- Target: 4efd834d2514f0f58b7040266d2dc128_JaffaCakes118
- Size: 236KB
- MD5: 4efd834d2514f0f58b7040266d2dc128
- SHA1: e7dcaabdcb2a16c675a29ca9dd68350b9169947a
- SHA256: 5acb858814052cd5bb85916bbe76330c8225c9df807d362e82d0ab51cb75c462
- SHA512: 5a7671e9d45422173fd902082caeadd1bf610bfa474c97c2b31b1363be79838cd94f45271abb17e5464d7825bc01e682fe89ee2e4e281595229e53d9310e0617
- SSDEEP: 1536:xuCgbVjVm20c/7AsFmQrK3KkpDMfrO91dFwvK:xFgw20c/7AsxrUlf1dWv
Score: 10/10

Signatures

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext