General
Target: 585e2bd7813b953c56515e404d8282c8_JaffaCakes118
Size: 527KB
Sample: 240718-vz15hsyemq
MD5: 585e2bd7813b953c56515e404d8282c8
SHA1: 2afe3b9a31597215619cb8b3cb27d67051bd3d86
SHA256: a872b928e824a4c6ca1f3fadbc01c2645e31e4d0774401fa8e4a8e7da6d3d366
SHA512: 038309e03c10e4df4f6340fa71bbd05236be5cddc84f45cf502f39cd364b8f10661060b297b9ac2ae3983da2551087db699922a25075aba5309ac949b7ca1873
SSDEEP: 12288:5IASBxcIe6NImzQRpLU+I0dgbdUwkfkwIVyLmg/T9cCU3:5IAsSSEDA7VykwIELTWCM
Static task: static1
Behavioral task: behavioral1
  Sample: 585e2bd7813b953c56515e404d8282c8_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 585e2bd7813b953c56515e404d8282c8_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Targets
Target: 585e2bd7813b953c56515e404d8282c8_JaffaCakes118
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext