General
Target: cc04763f7fd3d1b969fbb27ac9e8fd9b_JaffaCakes118
Size: 99KB
Sample: 240831-bx2tgsycjp
MD5: cc04763f7fd3d1b969fbb27ac9e8fd9b
SHA1: 84186e9ef9a714ba212aebd28e6f9e1f4d3abff0
SHA256: a524b24270992d676b525fe1b717ceffa34cf0653c9984024198f5da44e952ee
SHA512: be79f98a183c0769ad2211b5f6571d9430bf491d7e9db7dd59e78f5510cbc414d047a221f667230ae8464311dc6f6f946ce51f9078d93b365fa482499ba18a66
SSDEEP: 3072:iljvybGUlB8/Pwx5AYAzGt5N1UcAjxd7:il+QxlzG1mr
Static task: static1
Behavioral task: behavioral1
Sample: cc04763f7fd3d1b969fbb27ac9e8fd9b_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: cc04763f7fd3d1b969fbb27ac9e8fd9b_JaffaCakes118
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Renames multiple (258) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext