General
-
Target
JaffaCakes118_7af67aa012eba9c6365942d4a0684bc4
-
Size
352KB
-
Sample
250202-keclbatlhv
-
MD5
7af67aa012eba9c6365942d4a0684bc4
-
SHA1
64e5cab6e28fddfb2215710ac7fbf95f38a94e6b
-
SHA256
51538b08c960c0383b5a5bc244f17fa833da5829a0cf589c0c3453a9e08d9e7f
-
SHA512
c397c9d38feb5c39ea9caf80e9a1646b5dc5033f3081e16406eace4c810f2eb7f3288c03884d5ed86340ffa255b72e5c9763dd8ef79c7be0601905bb96dbf0da
-
SSDEEP
6144:dKoS4DZ3A+E0I8IQB2vI1CDitFuZtzzk7fPxSnyVNck/iPJgsROBevh+1HNX467H:YoS493ACIl7vI1kiqHNnyVek/a4QmHNp
Malware Config
Targets
-
-
Target
JaffaCakes118_7af67aa012eba9c6365942d4a0684bc4
-
Size
352KB
-
MD5
7af67aa012eba9c6365942d4a0684bc4
-
SHA1
64e5cab6e28fddfb2215710ac7fbf95f38a94e6b
-
SHA256
51538b08c960c0383b5a5bc244f17fa833da5829a0cf589c0c3453a9e08d9e7f
-
SHA512
c397c9d38feb5c39ea9caf80e9a1646b5dc5033f3081e16406eace4c810f2eb7f3288c03884d5ed86340ffa255b72e5c9763dd8ef79c7be0601905bb96dbf0da
-
SSDEEP
6144:dKoS4DZ3A+E0I8IQB2vI1CDitFuZtzzk7fPxSnyVNck/iPJgsROBevh+1HNX467H:YoS493ACIl7vI1kiqHNnyVek/a4QmHNp
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-