General
-
Target
d30bd44d161347d5ecf0aa5f6ee9506e_JaffaCakes118
-
Size
314KB
-
Sample
240907-3elhbs1ejk
-
MD5
d30bd44d161347d5ecf0aa5f6ee9506e
-
SHA1
e70a38e58e2c0d5f28b911859612067574c16c74
-
SHA256
00c0f1c0d8bce6a3ed14907f7322ecd06c0a11feb0058f1c016c65ec7518ea16
-
SHA512
0120d8791c205a009a621c0776bdfb17711e602f1bf13e90c6a6a167e475dbe2716e3a739c1938157cfcefc93eaf51c208658213f48d18276b3d03b7273aa3f2
-
SSDEEP
6144:JkbQQs4kK5DGyJKoWZxar9lJ5JvR89NlY:JxbMDGu/WZ+vIlY
Static task
static1
Behavioral task
behavioral1
Sample
d30bd44d161347d5ecf0aa5f6ee9506e_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xpertrat
3.0.10
Group
46.183.220.104:10101
K8P3I007-I4G2-R2U0-V0G8-T1Q3K5W771L5
Targets
-
-
Target
d30bd44d161347d5ecf0aa5f6ee9506e_JaffaCakes118
-
Size
314KB
-
MD5
d30bd44d161347d5ecf0aa5f6ee9506e
-
SHA1
e70a38e58e2c0d5f28b911859612067574c16c74
-
SHA256
00c0f1c0d8bce6a3ed14907f7322ecd06c0a11feb0058f1c016c65ec7518ea16
-
SHA512
0120d8791c205a009a621c0776bdfb17711e602f1bf13e90c6a6a167e475dbe2716e3a739c1938157cfcefc93eaf51c208658213f48d18276b3d03b7273aa3f2
-
SSDEEP
6144:JkbQQs4kK5DGyJKoWZxar9lJ5JvR89NlY:JxbMDGu/WZ+vIlY
-
XpertRAT Core payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)
Modify Registry (4)
Subvert Trust Controls (1)
SIP and Trust Provider Hijacking (1)