General
Target: 584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118
Size: 511KB
Sample: 240718-vmsyda1ekc
MD5: 584e2ea9edb16ee433d34e54aa1a60a8
SHA1: 4c13e894c6c3b9d1556505cfe77f82d4b6bb166f
SHA256: 1003f7e89b991f70994c9f1701f53b584819d5bf5510fc377b8a5cdc721e9cef
SHA512: 45ebe94426233b28a45fd428192724b2d4d1c5a156383d91b9486f019e3cee067675f539c9f8bdc59c7058674941b8b64de9ea77419b9eb7b57929828c30a91b
SSDEEP: 12288:8uv7Dld+16KngUQaJwK/lGRgOUqmq9kR6lhKXFae/flS/riyT+G+:8uv/aKK/cRgOnmq9g6k5/N++
Static task: static1
Behavioral task: behavioral1
  Sample: 584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext