General
Target: 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118
Size: 608KB
Sample: 240716-te5rjazeqk
MD5: 4f09d8eea84b81f08d82e722f7237cbe
SHA1: b5473864be8beed605a2bfc7ae2ad79e3bf03de6
SHA256: 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c
SHA512: 557a33fb494e8c7656713141df5dc05088e620b5a0f7e28087ad34be65f139ebce27977331904d3ccb1f565221888a8b6381f0b10b848e680d95be3e1fc8fbde
SSDEEP: 12288:VBhL1JR9wmqSDLcNPs9CCeO9CTeN561JR9wmqSDGZ:VBR1JR9wmqSDLcNPCbSeN561JR9wmqSu
Static task: static1

Behavioral task: behavioral1
Sample: 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
(no configuration extracted)

Targets
Target: 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118
Size: 608KB
MD5: 4f09d8eea84b81f08d82e722f7237cbe
SHA1: b5473864be8beed605a2bfc7ae2ad79e3bf03de6
SHA256: 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c
SHA512: 557a33fb494e8c7656713141df5dc05088e620b5a0f7e28087ad34be65f139ebce27977331904d3ccb1f565221888a8b6381f0b10b848e680d95be3e1fc8fbde
SSDEEP: 12288:VBhL1JR9wmqSDLcNPs9CCeO9CTeN561JR9wmqSDGZ:VBR1JR9wmqSDLcNPCbSeN561JR9wmqSu
Score: 10/10

Signatures
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext