General
-
Target
79a5196da396b96343044126f66d4edc_JaffaCakes118
-
Size
720KB
-
Sample
241028-pqq1asxkdw
-
MD5
79a5196da396b96343044126f66d4edc
-
SHA1
a2a864d1aa86d2309c88c205de87b0024cb51522
-
SHA256
cc2711fdcb2faad489be94a39ad855c0923da38a86a7b1a9739aef3f51991dc1
-
SHA512
308c831918f71de6501ddc6983c2fca3aa727940a932f44cf5e7beb7a20e2860aa4b070778b4a1320315c3589ec8b2f97c1012cc2371d89b4d036b843f1af554
-
SSDEEP
12288:e+XbsaO1RUgWA6MKedpjpKNNt6vSR5SFgeiqRwMnJZQDx8XCj1B6CwbqR:Zr7WUZA6MKSWPNTDx8XCUbw
Static task
static1
Behavioral task
behavioral1
Sample
79a5196da396b96343044126f66d4edc_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
79a5196da396b96343044126f66d4edc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
79a5196da396b96343044126f66d4edc_JaffaCakes118
-
Size
720KB
-
MD5
79a5196da396b96343044126f66d4edc
-
SHA1
a2a864d1aa86d2309c88c205de87b0024cb51522
-
SHA256
cc2711fdcb2faad489be94a39ad855c0923da38a86a7b1a9739aef3f51991dc1
-
SHA512
308c831918f71de6501ddc6983c2fca3aa727940a932f44cf5e7beb7a20e2860aa4b070778b4a1320315c3589ec8b2f97c1012cc2371d89b4d036b843f1af554
-
SSDEEP
12288:e+XbsaO1RUgWA6MKedpjpKNNt6vSR5SFgeiqRwMnJZQDx8XCj1B6CwbqR:Zr7WUZA6MKSWPNTDx8XCUbw
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1