General
Target: 5964833fe2ded26bf9974d5517d64d3b_JaffaCakes118
Size: 344KB
Sample: 240718-2nvlxszhmp
MD5: 5964833fe2ded26bf9974d5517d64d3b
SHA1: fe93e42bd7a09f8a55d8653bfade161715759e33
SHA256: 0e732290a6d44ec664639a98857356eac85ad571774704df4b798709a2d1a747
SHA512: e89d8f25e2b83321ec553320017df069f1e809b400934dafcfc912689882266ffdbae1bff381c3fe6dad8890f1b556bf708bc87615b02625df3e192619f792b7
SSDEEP: 3072:Fb2z/QUxm4UlJ7Qig7pH0qOEG8nUi5izw9RXq2IRtj6mAB1nyu:FPc1y
Static task: static1
Behavioral task: behavioral1
  Sample: 5964833fe2ded26bf9974d5517d64d3b_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5964833fe2ded26bf9974d5517d64d3b_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 5964833fe2ded26bf9974d5517d64d3b_JaffaCakes118
Size: 344KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext