General
Target: 5f8ff987d0529e0c68b14fe18890228d_JaffaCakes118
Size: 293KB
Sample: 240720-h9qqbawbnf
MD5: 5f8ff987d0529e0c68b14fe18890228d
SHA1: 2a27c5d75937968f269e00a95c224812ff167ffd
SHA256: 32002f45e592e647c57df9d56ffcc6d6aa5709a6f5a330519b97cc7d5d82776c
SHA512: da81487ad874ddbe907c4e1cbfaa12fc5cded606ac044d01505c08e7e7a44f3e217f4305cf44185e60ad5963c01739873c45841bec0706ab8e639ad8cab853a0
SSDEEP: 3072:9pCu9NrTll4O/y6vO1OWFWACZ+UKPj9udcr2SKJlD+wsnYwSj/iMjub7or:PTPAXSdcryJZjsYw2iTb70
Static task: static1
Behavioral task: behavioral1
  Sample: 5f8ff987d0529e0c68b14fe18890228d_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5f8ff987d0529e0c68b14fe18890228d_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 5f8ff987d0529e0c68b14fe18890228d_JaffaCakes118 (293KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext