General
Target: 1bc615f1613f42987e296b1f55c32e97_JaffaCakes118
Size: 1.2MB
Sample: 240701-ve34daygpa
MD5: 1bc615f1613f42987e296b1f55c32e97
SHA1: 2cc3dea7ecf8796b71c2e3eb5d7b775bb8793d2a
SHA256: 522444077221d01ff24cd5e67ff54e6de4120fab0dce64a177db843209a57797
SHA512: 662087275334d42ff95df4aaad994f7720a641d6c3d1ab1c60e646083cf32d0496072e834b6ac2aad66382fa8bf086e976079316b66d0ea015b321d8569084cd
SSDEEP: 24576:RiY70YOLnxwbjaNuO+tT9SKS3GSkG0bi5CZ1cBffE1p3g8McL2qykCp:RiYynObjaNuOWmXkG4iICXEnac5y1p
Static task: static1
Behavioral task: behavioral1
  Sample: 1bc615f1613f42987e296b1f55c32e97_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 1bc615f1613f42987e296b1f55c32e97_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
  mkidech.dyndns-mail.com
Extracted: darkcomet
  ghadefer
  mkidech.zapto.org:1604
  DC_MUTEX-062AY3Q
  gencode: tnWqFu0KEmWe
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: 1bc615f1613f42987e296b1f55c32e97_JaffaCakes118
Size: 1.2MB
- Detect XtremeRAT payload
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL