General

  • Target

    a69b7b6b2d0426464dc47f41340f8afc_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240818-nl1hha1hla

  • MD5

    a69b7b6b2d0426464dc47f41340f8afc

  • SHA1

    2c3f5eb5fe19fab94cf1c37afa5fd5f9ce1d068f

  • SHA256

    7ed08677a7a61d03b95c3f50afea5d4c942cb241ebb875103917e487e57b329f

  • SHA512

    f224c39f9578a6b967d97b98612eefc99e3102b5bea7b89141f236e0341f720d45c2c547c018198ef8ef2c5b7934f9d02129007b87864fffd92c4d97093e1da8

  • SSDEEP

    24576:RiFiRKeVY1sDJsnvzrzaSGlnXbFqixxExcPWSZlB8gN/P1Agwpv:M4pe+QaMixHz8gNXEpv

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Molebox Virtualization software

      Detects a file packed with Molebox virtualization software.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks