General
-
Target
34c105c3274f5e8007e750b6ce27a645_JaffaCakes118
-
Size
104KB
-
Sample
241011-ph4lesxanq
-
MD5
34c105c3274f5e8007e750b6ce27a645
-
SHA1
efb504dffdfce875cae44e9179f7afab5bf6e834
-
SHA256
498360803ae6c4f7fac2f07979d16a30e5ce4465360ce5cbe173e672730366c6
-
SHA512
3dfdf83577c4dc7289c940cb00ead2e69f26f90c7fa0a422d858b7568d1471baad711fd67f038f040b752e81ec877ca3d2eac9ca136f1bc4399058b87d799fbc
-
SSDEEP
1536:UxyqaL93kvktpu0Z2diB09q6bbnWsR/U5oUBtnFSg0HaEUSHEg:UI9GkO2mqUZ/U5jBfoFQg
Static task
static1
Behavioral task
behavioral1
Sample
34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
34c105c3274f5e8007e750b6ce27a645_JaffaCakes118
-
Size
104KB
-
MD5
34c105c3274f5e8007e750b6ce27a645
-
SHA1
efb504dffdfce875cae44e9179f7afab5bf6e834
-
SHA256
498360803ae6c4f7fac2f07979d16a30e5ce4465360ce5cbe173e672730366c6
-
SHA512
3dfdf83577c4dc7289c940cb00ead2e69f26f90c7fa0a422d858b7568d1471baad711fd67f038f040b752e81ec877ca3d2eac9ca136f1bc4399058b87d799fbc
-
SSDEEP
1536:UxyqaL93kvktpu0Z2diB09q6bbnWsR/U5oUBtnFSg0HaEUSHEg:UI9GkO2mqUZ/U5jBfoFQg
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-