General
Target: 5280da4fcc8e0305f9461400c04b1bbb_JaffaCakes118
Size: 104KB
Sample: 240717-l1pcnswbkq
MD5: 5280da4fcc8e0305f9461400c04b1bbb
SHA1: b2b3948bad15c4b1869fb7836e51272e0c532de7
SHA256: 13d9d37ad3b31a089fa904046634cf23322d993f59a1153f93cd24f6dea0d4ba
SHA512: 254d63a3b0fc7bd995edac0909898a1d21f69547382b4458c00d13a2f0c5c4d56f84d899959282ab91fd51dfc288cdf400b308e28e401b5afd81807af090971c
SSDEEP: 1536:unh3FTDtpp9AWdYZXQdrsDEGekQYU9A5:uzfY5QdrUEGv3U9A5
Static task: static1

Behavioral task: behavioral1
Sample: 5280da4fcc8e0305f9461400c04b1bbb_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 5280da4fcc8e0305f9461400c04b1bbb_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Targets
Target: 5280da4fcc8e0305f9461400c04b1bbb_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext