General
-
Target
e3638eb021abab9b63f1c8cc03875fc2_JaffaCakes118
-
Size
328KB
-
Sample
240406-1zejeacd2z
-
MD5
e3638eb021abab9b63f1c8cc03875fc2
-
SHA1
2cf98c18d71f99b2c3956bfb2138652e724cac01
-
SHA256
119083152acde86fc8c2dc8099732dbe039e7f136535a61bced6d7c6c3197857
-
SHA512
1e0549568385d0a0fced59cf5a2f5f173440f6b72d2cca2b0e71a164e45dc1877321d8afb50579cb2d213c2db24d7e0f893b83e6130e83e72f181f38aa086707
-
SSDEEP
3072:lEa7mT5oh6vnFAiEhV78dB7uA2ZaHU+PUPaTbn1CMUah:la1RU
Static task
static1
Behavioral task
behavioral1
Sample
e3638eb021abab9b63f1c8cc03875fc2_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e3638eb021abab9b63f1c8cc03875fc2_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
jbxxx.no-ip.biz
Targets
-
-
Target
e3638eb021abab9b63f1c8cc03875fc2_JaffaCakes118
-
Size
328KB
-
MD5
e3638eb021abab9b63f1c8cc03875fc2
-
SHA1
2cf98c18d71f99b2c3956bfb2138652e724cac01
-
SHA256
119083152acde86fc8c2dc8099732dbe039e7f136535a61bced6d7c6c3197857
-
SHA512
1e0549568385d0a0fced59cf5a2f5f173440f6b72d2cca2b0e71a164e45dc1877321d8afb50579cb2d213c2db24d7e0f893b83e6130e83e72f181f38aa086707
-
SSDEEP
3072:lEa7mT5oh6vnFAiEhV78dB7uA2ZaHU+PUPaTbn1CMUah:la1RU
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-