General
Target: 2a539422f59a011c3b34fcc3b7fdde26_JaffaCakes118
Size: 3.5MB
Sample: 240708-apla4awbjh
MD5: 2a539422f59a011c3b34fcc3b7fdde26
SHA1: 7b4c25c7f23b76a892dd40934b267a0071d75831
SHA256: 2ce23c455b545ed60d62f1c318314ea978487d290eaf856713a895b8a0064e5b
SHA512: 79d0355b7cc74afa266cf25a345e0666cd9f032cae49772f8973228b9767b7fdf71088d00187ace44ba36186e4a96be01359c5e181c8c282ef74daab2c3c9c2b
SSDEEP: 49152:YLT04l37Qui1OyM/BokA97P7iIscWENWqEIbQN0RWGj12C/:
Static task: static1
Behavioral task: behavioral1
  Sample: 2a539422f59a011c3b34fcc3b7fdde26_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2a539422f59a011c3b34fcc3b7fdde26_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 2a539422f59a011c3b34fcc3b7fdde26_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)