General
-
Target
526f63183cc1017dad9b55dc82ad0a6a_JaffaCakes118
-
Size
108KB
-
Sample
240717-lm85xsveqp
-
MD5
526f63183cc1017dad9b55dc82ad0a6a
-
SHA1
8fa79bf029d6208945889af215ee377a302349e6
-
SHA256
c666682e6daf3d5939fa57848dd4c7efc6408a659fdc7e4a3f46869987324106
-
SHA512
d9bb4ac1deef9afc2e4db316fb21a2d9b0d931eb1fdc529352546580a2241791e0d159f00a1f42453178e080e532631f9f6c87cde4c0d4a96d1f712223597971
-
SSDEEP
768:9tOAihm0Uj/VT2EQg5yY28Zns5BnzI+47rmdN/3TICW8Pxf7DNiIpogFU+v+IYwc:nOAtpI8ZIBzIL743T48Pp7BiOFyFuk
Static task
static1
Behavioral task
behavioral1
Sample
526f63183cc1017dad9b55dc82ad0a6a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
526f63183cc1017dad9b55dc82ad0a6a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
526f63183cc1017dad9b55dc82ad0a6a_JaffaCakes118
-
Size
108KB
-
MD5
526f63183cc1017dad9b55dc82ad0a6a
-
SHA1
8fa79bf029d6208945889af215ee377a302349e6
-
SHA256
c666682e6daf3d5939fa57848dd4c7efc6408a659fdc7e4a3f46869987324106
-
SHA512
d9bb4ac1deef9afc2e4db316fb21a2d9b0d931eb1fdc529352546580a2241791e0d159f00a1f42453178e080e532631f9f6c87cde4c0d4a96d1f712223597971
-
SSDEEP
768:9tOAihm0Uj/VT2EQg5yY28Zns5BnzI+47rmdN/3TICW8Pxf7DNiIpogFU+v+IYwc:nOAtpI8ZIBzIL743T48Pp7BiOFyFuk
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-