General
Target: 4eebfd774a1179174021cdb927f20086_JaffaCakes118
Size: 104KB
Sample: 240716-stan9s1hqd
MD5: 4eebfd774a1179174021cdb927f20086
SHA1: 911b12a6cb335e6bd1825afc2d8ee6e87b08aafd
SHA256: 4fdf40c70773062dbd68fdfc9bddea0dd2ffefbd9c2d0a88b12624b9ce648267
SHA512: 5003703047649bceec7f1daa001205029d4a4511dde3df9c93072357cc830b50219ff4a5b4eee0180c94fb21251543603fcf1892e7064891d6aea3a3ba632ec2
SSDEEP: 1536:cnh3FTDtpp9AWdYZXQdrsDEGekQYU9A5:gzfY5QdrUEGv3U9A5

Static task: static1
Behavioral task: behavioral1
Sample: 4eebfd774a1179174021cdb927f20086_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4eebfd774a1179174021cdb927f20086_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 4eebfd774a1179174021cdb927f20086_JaffaCakes118 (104KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; the StubPath command stored in that key is run once for each user at their next logon.
Checks computer location settings: Looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely as a geofence so that the payload runs, or refrains from running, only in particular countries.
Executes dropped EXE: Runs an executable that the sample itself wrote to disk.
Loads dropped DLL: Loads a DLL that the sample itself wrote to disk.
Adds Run key to start application: Writes a value under a Run key (HKLM or HKCU, Software\Microsoft\Windows\CurrentVersion\Run) so that the application is started at logon.
Suspicious use of SetThreadContext: SetThreadContext is a debugger API. Called by a non-debugger on a thread of another process, commonly a child created in a suspended state after its image has been overwritten with a payload, it redirects that thread to the injected code; this is the process-hollowing pattern.
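The hash table and the Active Setup and Run key signatures above describe artefacts an incident responder can look for on a host suspected of having run this sample. The PowerShell script below is an added example written for this page; it is not part of the sandbox report and not code from any tool the report references. It hashes files under a set of scan paths against the SHA256 listed under General, then lists Active Setup StubPath commands and Run key values that point into user-writable directories. The default scan paths and the list of user-writable directories are assumptions to adjust for the environment.

```powershell
# Added example, not part of the sandbox report. Run in an elevated PowerShell
# on the host under investigation. $ScanPaths is an assumed starting point.
param(
    [string[]]$ScanPaths = @("$env:TEMP", "$env:APPDATA", "$env:LOCALAPPDATA")
)

# SHA256 copied from the report's General section.
$IocSha256 = '4fdf40c70773062dbd68fdfc9bddea0dd2ffefbd9c2d0a88b12624b9ce648267'

# Heuristic (assumption): an autostart command that references a user-writable
# location is worth a look. Extend the list for the environment at hand.
function Test-SuspiciousPath {
    param([string]$Command)
    $userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                      "$env:SystemDrive\Users", $env:ProgramData)
    foreach ($dir in $userWritable) {
        if ($dir -and $Command -like "*$dir*") { return $true }
    }
    return $false
}

# 1. Hash every file under the scan paths and report exact SHA256 matches.
function Find-IocFiles {
    param([string[]]$Paths, [string]$Sha256)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-ChildItem -LiteralPath $p -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -lt 10MB } |
            ForEach-Object {
                $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                if ($h -ieq $Sha256) {
                    [pscustomobject]@{ Indicator = 'SHA256 match'; Key = ''; Command = $_.FullName }
                }
            }
    }
}

# 2. Active Setup: every Installed Components subkey with a StubPath runs once
#    per user at logon (when HKCU has no entry with the same or a newer Version).
#    Legitimate StubPaths live under %SystemRoot% or Program Files.
function Get-SuspiciousActiveSetup {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $stub = (Get-ItemProperty -Path $_.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
            if ($stub -and (Test-SuspiciousPath $stub)) {
                [pscustomobject]@{ Indicator = 'Active Setup'; Key = $_.PSChildName; Command = $stub }
            }
        }
    }
}

# 3. Run keys in HKLM and HKCU (the "Adds Run key" signature).
function Get-SuspiciousRunKeys {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # skip PowerShell's own note properties
            $cmd = [string]$props.$name
            if (Test-SuspiciousPath $cmd) {
                [pscustomobject]@{ Indicator = 'Run key'; Key = "$k\$name"; Command = $cmd }
            }
        }
    }
}

$findings = @(Find-IocFiles -Paths $ScanPaths -Sha256 $IocSha256) +
            @(Get-SuspiciousActiveSetup) +
            @(Get-SuspiciousRunKeys)
if ($findings.Count -eq 0) { 'No matching hashes or suspicious autostart entries found.' }
else { $findings | Format-Table -AutoSize }
```

A hash match is conclusive only for the exact file the report describes; a repacked build will not match, so the autostart checks are the more durable part of the script. Treat the user-writable-path heuristic as a starting point for review, not a verdict, since some legitimate installers also register StubPaths under ProgramData.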