General

Target: 279a3c39abc126fed0b3f4a99fbe8267_JaffaCakes118
Size: 1.2MB
Sample: 240706-hhnfwayhpm
MD5: 279a3c39abc126fed0b3f4a99fbe8267
SHA1: 10ef159a408759dae475452754bf8305163751ce
SHA256: d5c7d6b7907e39b9cdc074d4ce7f6a5ba275d0aeb1f16f350524f5d63c818c45
SHA512: 98d764b324cb13559e120b15d7066f72db2ddef90809e36bd1805b95bb40c2407465a6c9bbf5348e4dec6eb75fdaed175ef2d4544cfb774edca404c60cdedc60
SSDEEP: 24576:xXGL++sj6vOQ5uVq1gpLiV+JvO1rPBoWK+LuuEW+97iLCkZVBpqvx:Gg6l5upLijBot+6FDJidVjex
Static task: static1

Behavioral task: behavioral1
Sample: 279a3c39abc126fed0b3f4a99fbe8267_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 279a3c39abc126fed0b3f4a99fbe8267_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 279a3c39abc126fed0b3f4a99fbe8267_JaffaCakes118
Score: 10/10

Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext