General

  • Target

    34c105c3274f5e8007e750b6ce27a645_JaffaCakes118

  • Size

    104KB

  • Sample

    241011-ph4lesxanq

  • MD5

    34c105c3274f5e8007e750b6ce27a645

  • SHA1

    efb504dffdfce875cae44e9179f7afab5bf6e834

  • SHA256

    498360803ae6c4f7fac2f07979d16a30e5ce4465360ce5cbe173e672730366c6

  • SHA512

    3dfdf83577c4dc7289c940cb00ead2e69f26f90c7fa0a422d858b7568d1471baad711fd67f038f040b752e81ec877ca3d2eac9ca136f1bc4399058b87d799fbc

  • SSDEEP

    1536:UxyqaL93kvktpu0Z2diB09q6bbnWsR/U5oUBtnFSg0HaEUSHEg:UI9GkO2mqUZ/U5jBfoFQg

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks