General

  • Target

    c15a97e372086d47aec3a27589dd151e_JaffaCakes118

  • Size

    165KB

  • Sample

    240825-xge6fa1akn

  • MD5

    c15a97e372086d47aec3a27589dd151e

  • SHA1

    652f5ecbd67f4eac19848700c368c1102f7b91f0

  • SHA256

    eed4a413763b7a54a5b66b7640e05fea4f76c59f8fdf4302b2bad7b20e974e73

  • SHA512

    be2dd2dbc01bb1db52ac9bcc1022a46a69ce2ea50ba3f54d1477dcd32e773de161e6ea5b2952e3c4ccddd8d681c94dfbade70209f9f4f56f49bef11bacd9e1cd

  • SSDEEP

    3072:fpCu9NrTll4O/y6vO1OWFWACZ+7bbHYsYnAnffmYwSj/iMjubHoH:RTPAXX7YEfOYw2iTbHk

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks