General

  • Target

    526f63183cc1017dad9b55dc82ad0a6a_JaffaCakes118

  • Size

    108KB

  • Sample

    240717-lm85xsveqp

  • MD5

    526f63183cc1017dad9b55dc82ad0a6a

  • SHA1

    8fa79bf029d6208945889af215ee377a302349e6

  • SHA256

    c666682e6daf3d5939fa57848dd4c7efc6408a659fdc7e4a3f46869987324106

  • SHA512

    d9bb4ac1deef9afc2e4db316fb21a2d9b0d931eb1fdc529352546580a2241791e0d159f00a1f42453178e080e532631f9f6c87cde4c0d4a96d1f712223597971

  • SSDEEP

    768:9tOAihm0Uj/VT2EQg5yY28Zns5BnzI+47rmdN/3TICW8Pxf7DNiIpogFU+v+IYwc:nOAtpI8ZIBzIL743T48Pp7BiOFyFuk

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks