General
-
Target
a38f17de8012aacad82e28b2dd3a37d0_JaffaCakes118
-
Size
19KB
-
Sample
240817-wlsfwsyemg
-
MD5
a38f17de8012aacad82e28b2dd3a37d0
-
SHA1
5779154bfd10504430cc9fe1ec3fee1d389f27d7
-
SHA256
e7115c5556899d6cc25f4187a3491d9036eafc9f3efbd484e1b742b10e7ac8f5
-
SHA512
19f2d210ee720e3dbd9620e512e75eb4e59c8244337252e8787560977cdd0668c3acf0e4efb79a156b9189576bbc2567afed1ef8133c483fa3605016977721e2
-
SSDEEP
384:6HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSikQdoRHynLx6w7R:nZfuHUvwDKP6kMpzdySnIS
Behavioral task
behavioral1
Sample
a38f17de8012aacad82e28b2dd3a37d0_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
a38f17de8012aacad82e28b2dd3a37d0_JaffaCakes118
-
Size
19KB
-
MD5
a38f17de8012aacad82e28b2dd3a37d0
-
SHA1
5779154bfd10504430cc9fe1ec3fee1d389f27d7
-
SHA256
e7115c5556899d6cc25f4187a3491d9036eafc9f3efbd484e1b742b10e7ac8f5
-
SHA512
19f2d210ee720e3dbd9620e512e75eb4e59c8244337252e8787560977cdd0668c3acf0e4efb79a156b9189576bbc2567afed1ef8133c483fa3605016977721e2
-
SSDEEP
384:6HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSikQdoRHynLx6w7R:nZfuHUvwDKP6kMpzdySnIS
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1