General

  • Target

    5834b52df8db61bf7dc7c3f8e0a58de1_JaffaCakes118

  • Size

    651KB

  • Sample

    240718-t4ld7azfrf

  • MD5

    5834b52df8db61bf7dc7c3f8e0a58de1

  • SHA1

    9cc70c6ae8e39ecb015e50139800f53ad0716cf2

  • SHA256

    f495a8ba97607ee74012dafbef1384b76daded34cca7765582b1fe8c006ce98f

  • SHA512

    b868387af58cd5d64a6153e39141ffaabda9770daec4164650d15386bfddf2655f103a3ee741e6a19eb4282fb409b5a1dbf1830c1257f37f74e1b17a0eae9e01

  • SSDEEP

    12288:NCCaJ/A+Io6wj9npuDB1zlPyoOOXRVeQe7vDBbzgG43TCash2NHW4PQzWS+9qn:NCCau+RTuDB1zlPyZOX/mdzuWx6W44au

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks