General

  • Target

    4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118

  • Size

    608KB

  • Sample

    240716-te5rjazeqk

  • MD5

    4f09d8eea84b81f08d82e722f7237cbe

  • SHA1

    b5473864be8beed605a2bfc7ae2ad79e3bf03de6

  • SHA256

    2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c

  • SHA512

    557a33fb494e8c7656713141df5dc05088e620b5a0f7e28087ad34be65f139ebce27977331904d3ccb1f565221888a8b6381f0b10b848e680d95be3e1fc8fbde

  • SSDEEP

    12288:VBhL1JR9wmqSDLcNPs9CCeO9CTeN561JR9wmqSDGZ:VBR1JR9wmqSDLcNPCbSeN561JR9wmqSu

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks