General
- Target: 580b99690108597882a697758746e3b4_JaffaCakes118
- Size: 224KB
- Sample: 240718-s8mmdaydmd
- MD5: 580b99690108597882a697758746e3b4
- SHA1: 41bcec8607f7b58a949424d8c17c60f5aca908b8
- SHA256: fd8f41d64a58240f50417feaa9f3d0f45bf632287f07ff32b9fef00157554d7d
- SHA512: 8ba86a04bd4671f30f9c5efb128dad0d28ff0f03693befdaffc96de65582ea0ae040eb07dc0fcf96fce41df3cc5d37c12ea5f0f5151858231862f86469329ced
- SSDEEP: 6144:QYZeelIkedjYO+nGZdYJd4k8yUTJ5RlUFQh+yo:leeJedjN+nGscFu
Static task: static1
Behavioral task: behavioral1
- Sample: 580b99690108597882a697758746e3b4_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 580b99690108597882a697758746e3b4_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: 580b99690108597882a697758746e3b4_JaffaCakes118
- Size: 224KB
- MD5: 580b99690108597882a697758746e3b4
- SHA1: 41bcec8607f7b58a949424d8c17c60f5aca908b8
- SHA256: fd8f41d64a58240f50417feaa9f3d0f45bf632287f07ff32b9fef00157554d7d
- SHA512: 8ba86a04bd4671f30f9c5efb128dad0d28ff0f03693befdaffc96de65582ea0ae040eb07dc0fcf96fce41df3cc5d37c12ea5f0f5151858231862f86469329ced
- SSDEEP: 6144:QYZeelIkedjYO+nGZdYJd4k8yUTJ5RlUFQh+yo:leeJedjN+nGscFu
- Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Molebox Virtualization software
  Detects a file packed using Molebox Virtualization software.
- Adds Run key to start application