General
Target: 612bab126a2b67000f65d56691d516bd_JaffaCakes118
Size: 84KB
Sample: 240721-yk4hwatgnj
MD5: 612bab126a2b67000f65d56691d516bd
SHA1: 7165f6354d53b3e72c090609f9100657d1d6abc4
SHA256: af18377bb71be9de8c783a20641cf866165ee760a2003b8eb47a15e9df04086e
SHA512: 44b3232233e07447a23cd9e34005e0d571e20ec561dd723b88a43108d53a77aa74fff1f508b3e41848cd4c80ac4cbf979c8e39d47e5c10c0d23e575142e846b4
SSDEEP: 1536:ZP1y+QEd7Y83T/y+EsTCT9F0ZFqTnGtHtlBv9VAUfqESUj667CEbu6Q8:ZNKEd7R3MsmT9WZFqTnMNlBjAuXSfj6R
Static task: static1
Behavioral task: behavioral1
  Sample: 612bab126a2b67000f65d56691d516bd_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 612bab126a2b67000f65d56691d516bd_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext