Overview

overview

10

Static

static

3

fbfe8ef5a5...18.exe

windows7-x64

10

fbfe8ef5a5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbfe8ef5a5831bd6ff6a9570903491a0_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240928-ldjtnsybll

  • MD5

    fbfe8ef5a5831bd6ff6a9570903491a0

  • SHA1

    c9f965166b0e554d34188998d4a66bbde85f8443

  • SHA256

    82f727b2747197eeb9b575fa06b3fd2a68e3cbb22f4b3000bbe220afd4e10343

  • SHA512

    683cb897b8c099812ca3b3437cb4aace71bdb39f2807bc9f5b26586e9ab4e5202588220e93ecca66721d50c4539f80a37ee844c2d41d860cfea36960506dcfb3

  • SSDEEP

    49152:Nhew44MBP0O5pVG1BonI0tsFzry9HzJkZZeb:NhJ4tR8Bh0t8yxzJmZeb

Score
10/10
xtremeratdiscoverypersistenceratspyware

Malware Config

Targets

    • Target

      fbfe8ef5a5831bd6ff6a9570903491a0_JaffaCakes118

    • Size

      1.8MB

    • MD5

      fbfe8ef5a5831bd6ff6a9570903491a0

    • SHA1

      c9f965166b0e554d34188998d4a66bbde85f8443

    • SHA256

      82f727b2747197eeb9b575fa06b3fd2a68e3cbb22f4b3000bbe220afd4e10343

    • SHA512

      683cb897b8c099812ca3b3437cb4aace71bdb39f2807bc9f5b26586e9ab4e5202588220e93ecca66721d50c4539f80a37ee844c2d41d860cfea36960506dcfb3

    • SSDEEP

      49152:Nhew44MBP0O5pVG1BonI0tsFzry9HzJkZZeb:NhJ4tR8Bh0t8yxzJmZeb

    Score
    10/10
    xtremeratdiscoverypersistenceratspyware

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks