General
Target: e365dddfcc17c39934118549a051ebc6_JaffaCakes118
Size: 324KB
Sample: 240406-126qnsdb38
MD5: e365dddfcc17c39934118549a051ebc6
SHA1: 1633f6c61b226fbfff41ca0e7e0f19390f749a9b
SHA256: cc1a3caa09005dbee6251c4f291c8f2dde1a4d9f7ee3d2f97937cab7fb705c4a
SHA512: 2302bf036c0affb8a6a9b3316b398aaf6c49a9ff8766d130609f92060f67bfcc7e427a5cbd8957e6eea3e68be09db778d3d55c0711bed12254e85deb84b6aae8
SSDEEP: 3072:Nfyr0uNHBy3CAsVZjiloZUQjDW6lp1oQCRXapFziJFE4SkqMZ8PtU3xTvvZ2Wtm:CJrtENSkqMZ8PtUhvvZ2Wtm
Static task: static1
Behavioral task: behavioral1
Sample: e365dddfcc17c39934118549a051ebc6_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e365dddfcc17c39934118549a051ebc6_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
almm.no-ip.biz
Targets
Target: e365dddfcc17c39934118549a051ebc6_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of SetThreadContext