General
- Target: a69b7b6b2d0426464dc47f41340f8afc_JaffaCakes118
- Size: 1.0MB
- Sample: 240818-nl1hha1hla
- MD5: a69b7b6b2d0426464dc47f41340f8afc
- SHA1: 2c3f5eb5fe19fab94cf1c37afa5fd5f9ce1d068f
- SHA256: 7ed08677a7a61d03b95c3f50afea5d4c942cb241ebb875103917e487e57b329f
- SHA512: f224c39f9578a6b967d97b98612eefc99e3102b5bea7b89141f236e0341f720d45c2c547c018198ef8ef2c5b7934f9d02129007b87864fffd92c4d97093e1da8
- SSDEEP: 24576:RiFiRKeVY1sDJsnvzrzaSGlnXbFqixxExcPWSZlB8gN/P1Agwpv:M4pe+QaMixHz8gNXEpv
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: a69b7b6b2d0426464dc47f41340f8afc_JaffaCakes118.exe
  - Resource: win7-20240705-en
- Behavioral task: behavioral2
  - Sample: a69b7b6b2d0426464dc47f41340f8afc_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: a69b7b6b2d0426464dc47f41340f8afc_JaffaCakes118 (size and hashes identical to the General section above)
- Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Molebox Virtualization software: Detects a file that uses Molebox Virtualization software.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Active Setup (1)
    - Registry Run Keys / Startup Folder (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Active Setup (1)
    - Registry Run Keys / Startup Folder (1)