General

  • Target

    d5a4b88bed3a38f350ca15b8c79355d9_JaffaCakes118

  • Size

    393KB

  • Sample

    241208-g16vhazrgp

  • MD5

    d5a4b88bed3a38f350ca15b8c79355d9

  • SHA1

    4ec772a58fd5810ca7ab9272ae55e95c144a6815

  • SHA256

    3061e093987b420788e4e77535589b50d63c74aa8d658183b891bebb231795fb

  • SHA512

    1e0b19b8974970242ad2e23d4f95b7b4c653430fafc6c170fdbb696ef5eac4cc3beb63f192f547fe8dcb3909d5be6d9913b784c78eb23534e2761dad0299a2a6

  • SSDEEP

    12288:5c/m4JmYYkJUL47Botwz41mRtnJ2fRfvWuA74:5c/m4IHBLiBotKlJ2dG4

Targets

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • XtremeRAT family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
