General

  • Target

    584e2ea9edb16ee433d34e54aa1a60a8_JaffaCakes118

  • Size

    511KB

  • Sample

    240718-vmsyda1ekc

  • MD5

    584e2ea9edb16ee433d34e54aa1a60a8

  • SHA1

    4c13e894c6c3b9d1556505cfe77f82d4b6bb166f

  • SHA256

    1003f7e89b991f70994c9f1701f53b584819d5bf5510fc377b8a5cdc721e9cef

  • SHA512

    45ebe94426233b28a45fd428192724b2d4d1c5a156383d91b9486f019e3cee067675f539c9f8bdc59c7058674941b8b64de9ea77419b9eb7b57929828c30a91b

  • SSDEEP

    12288:8uv7Dld+16KngUQaJwK/lGRgOUqmq9kR6lhKXFae/flS/riyT+G+:8uv/aKK/cRgOnmq9g6k5/N++

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks