General

  • Target

    409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118

  • Size

    742KB

  • Sample

    241013-sts6lstcjf

  • MD5

    409e0a90f1d77bfa0a64162fef75dee5

  • SHA1

    fdd709f4f426784b8deddf13bbc9cc9ee0432b35

  • SHA256

    2351ea88e204dd23c942610956d2d8a89761794c3db853b55dfd0dd3cd8fb538

  • SHA512

    8f884a581eb6f2f910d572607826343b5cabc4ba6bb68f96e2f065c6c7a076492aea175243b21ab84760c1bb0c817af56b5283146c91f49daec500838faa4053

  • SSDEEP

    12288:orgdNDEpK58V1oY++f/P3R6qhBA0fEpRRmh7yu4rLqXTViJ1iiB2tt/7OZSE5hVz:orUdEo+1o2J6qndEpReOuGO4vB2tt/7+

Malware Config

Targets

    • Target

      409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118

    • Size

      742KB

    • MD5

      409e0a90f1d77bfa0a64162fef75dee5

    • SHA1

      fdd709f4f426784b8deddf13bbc9cc9ee0432b35

    • SHA256

      2351ea88e204dd23c942610956d2d8a89761794c3db853b55dfd0dd3cd8fb538

    • SHA512

      8f884a581eb6f2f910d572607826343b5cabc4ba6bb68f96e2f065c6c7a076492aea175243b21ab84760c1bb0c817af56b5283146c91f49daec500838faa4053

    • SSDEEP

      12288:orgdNDEpK58V1oY++f/P3R6qhBA0fEpRRmh7yu4rLqXTViJ1iiB2tt/7OZSE5hVz:orUdEo+1o2J6qndEpReOuGO4vB2tt/7+

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMP/Somebudu.dll

    • Size

      5KB

    • MD5

      fa012d4b6012d52ddb5a68cc8c31292c

    • SHA1

      e23498959b742b6c14e122d3d2384ba364da165a

    • SHA256

      abf7143775c079378153f9800fe706ad17b9b1a12d54c8ba2f87164d46f09df0

    • SHA512

      d03736d1294c4f123dcb29d223e5159ec5d01bc69e4d7c158504a2748cf15bb95fb3293137f09cae9bbfff1f1b5a80a6f185ced9e5f33189e0078ac71aaba032

    • SSDEEP

      96:pC2WnNyuOR4D12JNqYQoSTN3gO0raLZ6PJd++:pC2WnPOR4DiqYQdRZY

    Score
    3/10
    • Target

      $TEMP/foleyolet.dll

    • Size

      3KB

    • MD5

      17dfc5ea607c7be7441a90bb0f90e388

    • SHA1

      a348f29a39f2e1b8b81f52c8f333909bfdf4f0e9

    • SHA256

      a18b1c6593bda967f15f212bdf63ed5f9032bc945477922807bf7fbc8b9f7cda

    • SHA512

      84cf74275ac905073b50a2ec8438418f21befce1865a5dcfa4d120ba93d5d1297cbbb8211ace4945c44cd5415a135e30fe08def8e4ec92213aa9ba8ffa617a79

    Score
    3/10
    • Target

      $TEMP/tukadeku.dll

    • Size

      3KB

    • MD5

      ca8b761d4d06343c413f8ceea0b63884

    • SHA1

      4601ce2ae93cd729a0c63e4d4cba8bcff53685aa

    • SHA256

      468dee4f6ba0fbe94a878f71b92762ca5e0850187c2be4e0bbec4fc72e20be77

    • SHA512

      1fca2f4b717dcf111082fa40d2141d5fcffad4c64cb3191fb6b03d1345448cfc68e48ee9afb783e0f4e44d7d269153e2c6333b8c714052a43c448fd650067e47

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks