General

  • Target

    59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118

  • Size

    812KB

  • Sample

    240719-bl1gaayfja

  • MD5

    59dd98bab0a9838f1122d21021d9bb86

  • SHA1

    6c0640892eb738b868225c1d0b96fdbc390782ae

  • SHA256

    f9adc4f7e8e13e652e9a31525c191903d5efe9b0deb91caf715548e59898c216

  • SHA512

    7dc256bfe77af2a597ef77504d8689c48b7cb1562e5867c37d03f0689642787abbd2850e19202568f475c865f917c327db01abbbbb0b4bf3b8a2f60fb383ccc2

  • SSDEEP

    3072:k6ihx8eTdl+fy2UcKpSDUE/ctuTr0IWsgZ7TG6aZkBrl/PsWy0DRIsFcQASX7+O0:Ce2D68wVn6A8Y8sD

Malware Config

Targets

    • Target

      59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118

    • Size

      812KB

    • MD5

      59dd98bab0a9838f1122d21021d9bb86

    • SHA1

      6c0640892eb738b868225c1d0b96fdbc390782ae

    • SHA256

      f9adc4f7e8e13e652e9a31525c191903d5efe9b0deb91caf715548e59898c216

    • SHA512

      7dc256bfe77af2a597ef77504d8689c48b7cb1562e5867c37d03f0689642787abbd2850e19202568f475c865f917c327db01abbbbb0b4bf3b8a2f60fb383ccc2

    • SSDEEP

      3072:k6ihx8eTdl+fy2UcKpSDUE/ctuTr0IWsgZ7TG6aZkBrl/PsWy0DRIsFcQASX7+O0:Ce2D68wVn6A8Y8sD

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Suspicious use of SetThreadContext
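The two behavioural signatures above ("Checks computer location settings" and "Suspicious use of SetThreadContext") can be reproduced as a small heuristic over a sandbox API trace. The script below is an added example, not part of this report or of the sandbox's own signature code: it parses a constructed, simplified `api|arg=value|...` trace format (an assumption; real sandboxes use their own schema), flags a `RegQueryValueEx` of country/locale values under `Control Panel\International`, and flags a `SetThreadContext` on a thread belonging to a process that was created with CREATE_SUSPENDED and has received a `WriteProcessMemory`, the classic process-hollowing sequence. The registry value names and the API argument names are assumptions chosen for the example.

```python
"""Heuristic detector for two XtremeRAT-style sandbox signatures.

Added example (not from the report). Trace format is constructed:
    ApiName|arg1=value1|arg2=value2 ...
"""
from typing import Dict, List, Set

CREATE_SUSPENDED = 0x4                      # CreateProcess dwCreationFlags bit
GEO_KEY_FRAGMENT = r"control panel\international"
# Registry values that reveal the configured country/region (assumed set).
GEO_VALUES = {"scountry", "icountry", "localename", "nation"}

# Constructed trace: a geofence look-up followed by a hollowing sequence.
TRACE = r"""
RegOpenKeyExW|handle=0x1a0|key=HKCU\Control Panel\International
RegQueryValueExW|handle=0x1a0|value=sCountry
CreateProcessW|image=C:\Windows\System32\svchost.exe|flags=0x4|pid=4120|tid=4124
NtUnmapViewOfSection|pid=4120|base=0x400000
VirtualAllocEx|pid=4120|base=0x400000|size=0x6c000
WriteProcessMemory|pid=4120|base=0x400000|size=0x6c000
SetThreadContext|tid=4124
ResumeThread|tid=4124
"""


def parse_line(line: str):
    """Split 'Api|k=v|k=v' into (api, {k: v})."""
    parts = line.strip().split("|")
    args: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        args[key] = value
    return parts[0], args


def analyze(trace: str) -> List[str]:
    """Return human-readable findings for the two signatures."""
    findings: List[str] = []
    reg_handles: Dict[str, str] = {}        # registry handle -> opened key path
    suspended_pids: Set[str] = set()        # processes created with CREATE_SUSPENDED
    pid_of_tid: Dict[str, str] = {}         # primary thread -> owning pid
    written_pids: Set[str] = set()          # processes that received a remote write

    for raw in trace.splitlines():
        if not raw.strip():
            continue
        api, a = parse_line(raw)

        if api.startswith("RegOpenKeyEx"):
            reg_handles[a.get("handle", "")] = a.get("key", "").lower()
        elif api.startswith("RegQueryValueEx"):
            key = reg_handles.get(a.get("handle", ""), "")
            value = a.get("value", "").lower()
            if GEO_KEY_FRAGMENT in key and value in GEO_VALUES:
                findings.append(f"location-check: read {value} from {key}")
        elif api.startswith("CreateProcess"):
            flags = int(a.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended_pids.add(a["pid"])
                pid_of_tid[a["tid"]] = a["pid"]
        elif api == "WriteProcessMemory":
            written_pids.add(a.get("pid", ""))
        elif api == "SetThreadContext":
            tid = a.get("tid", "")
            pid = pid_of_tid.get(tid)
            # Only a suspended child that was written to counts as hollowing.
            if pid in suspended_pids and pid in written_pids:
                findings.append(
                    f"setthreadcontext: thread {tid} of suspended pid {pid} "
                    "after remote write (process-hollowing pattern)"
                )
    return findings


if __name__ == "__main__":
    for finding in analyze(TRACE):
        print(finding)
```

The hollowing rule deliberately requires all three conditions (suspended creation, remote write, then `SetThreadContext` on that process's thread) so that debuggers and legitimate suspended launches without a memory write are not flagged.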

MITRE ATT&CK Enterprise v15

Tasks