General
- Target: 58a694a55501370daf4590f2eba2dd0a_JaffaCakes118
- Size: 44KB
- Sample: 240718-xk4cfavekb
- MD5: 58a694a55501370daf4590f2eba2dd0a
- SHA1: dd31724678aac259763eb774db2b1d38568108d8
- SHA256: ed52802436fcb6a174d5ae4970629bbeb7104f46ca09e9d3022a34cc178044c4
- SHA512: 92de95a9a2ab275a1f4be120b5eac54dd9e7e5a62f2a1f75647b1d55959984fba85a5e296650d165f8da6c8746553e1f32c0ad7e09e87aecd3b3b30a1bf5aaae
- SSDEEP: 768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2DfOTwYPIQRzorm:FyRUHlrL1lr6an3TLuvm2buQQ5oy
Behavioral task: behavioral1
- Sample: 58a694a55501370daf4590f2eba2dd0a_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 58a694a55501370daf4590f2eba2dd0a_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
- Extracted: xtremerat
- xr5sm.zapto.org
Targets
- Target: 58a694a55501370daf4590f2eba2dd0a_JaffaCakes118
- Size: 44KB
- MD5: 58a694a55501370daf4590f2eba2dd0a
- SHA1: dd31724678aac259763eb774db2b1d38568108d8
- SHA256: ed52802436fcb6a174d5ae4970629bbeb7104f46ca09e9d3022a34cc178044c4
- SHA512: 92de95a9a2ab275a1f4be120b5eac54dd9e7e5a62f2a1f75647b1d55959984fba85a5e296650d165f8da6c8746553e1f32c0ad7e09e87aecd3b3b30a1bf5aaae
- SSDEEP: 768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2DfOTwYPIQRzorm:FyRUHlrL1lr6an3TLuvm2buQQ5oy
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory