General
-
Target
d5a4b88bed3a38f350ca15b8c79355d9_JaffaCakes118
-
Size
393KB
-
Sample
241208-g16vhazrgp
-
MD5
d5a4b88bed3a38f350ca15b8c79355d9
-
SHA1
4ec772a58fd5810ca7ab9272ae55e95c144a6815
-
SHA256
3061e093987b420788e4e77535589b50d63c74aa8d658183b891bebb231795fb
-
SHA512
1e0b19b8974970242ad2e23d4f95b7b4c653430fafc6c170fdbb696ef5eac4cc3beb63f192f547fe8dcb3909d5be6d9913b784c78eb23534e2761dad0299a2a6
-
SSDEEP
12288:5c/m4JmYYkJUL47Botwz41mRtnJ2fRfvWuA74:5c/m4IHBLiBotKlJ2dG4
Static task
static1
Behavioral task
behavioral1
Sample
d5a4b88bed3a38f350ca15b8c79355d9_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
d5a4b88bed3a38f350ca15b8c79355d9_JaffaCakes118
-
Size
393KB
-
MD5
d5a4b88bed3a38f350ca15b8c79355d9
-
SHA1
4ec772a58fd5810ca7ab9272ae55e95c144a6815
-
SHA256
3061e093987b420788e4e77535589b50d63c74aa8d658183b891bebb231795fb
-
SHA512
1e0b19b8974970242ad2e23d4f95b7b4c653430fafc6c170fdbb696ef5eac4cc3beb63f192f547fe8dcb3909d5be6d9913b784c78eb23534e2761dad0299a2a6
-
SSDEEP
12288:5c/m4JmYYkJUL47Botwz41mRtnJ2fRfvWuA74:5c/m4IHBLiBotKlJ2dG4
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-