General
-
Target
1ed142aea7d60ec93a329ae9882c2049_JaffaCakes118
-
Size
105KB
-
Sample
241008-bqeelswbjf
-
MD5
1ed142aea7d60ec93a329ae9882c2049
-
SHA1
8ce6cf6f5ef1a043b162ce34ddb24c23677697b4
-
SHA256
00221495a8c7786cdc3190ecd1cbc891117e13537167065fda7d07361ef12ee8
-
SHA512
dc3816270a3ce1ad53e5978e71ed056ee0acdc6c6f22e56a297e9647bdeb6a1c8644c2c96d4ad58e3778a9d4fbb9d40abcec982b5a09941c8a6475a71aa81dce
-
SSDEEP
1536:im34JL2EEUZhEh/3g2Bh3Ig40g2qHIQBDFKTOKou:b34JM3LIag2LQBDFKfb
Malware Config
Targets
-
-
Target
1ed142aea7d60ec93a329ae9882c2049_JaffaCakes118
-
Size
105KB
-
MD5
1ed142aea7d60ec93a329ae9882c2049
-
SHA1
8ce6cf6f5ef1a043b162ce34ddb24c23677697b4
-
SHA256
00221495a8c7786cdc3190ecd1cbc891117e13537167065fda7d07361ef12ee8
-
SHA512
dc3816270a3ce1ad53e5978e71ed056ee0acdc6c6f22e56a297e9647bdeb6a1c8644c2c96d4ad58e3778a9d4fbb9d40abcec982b5a09941c8a6475a71aa81dce
-
SSDEEP
1536:im34JL2EEUZhEh/3g2Bh3Ig40g2qHIQBDFKTOKou:b34JM3LIag2LQBDFKfb
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1