General
-
Target
e385b4d968eb4eebcef184812aa73d59_JaffaCakes118
-
Size
187KB
-
Sample
240406-29sz8aee99
-
MD5
e385b4d968eb4eebcef184812aa73d59
-
SHA1
419d009e271e2275102ff4a9fa23ed3b5bbd6ee4
-
SHA256
992084b98896a304eeae23ed0176ce5782e969e57e02664d7949b43e9474c9a5
-
SHA512
b665c1d409f4d1290f91a8801b20ba65ffad91920155246fe5631020ca64fa0d53494bde7af8b7d2e0de888c1c4c283002349e308e908af0de67c52d6940f024
-
SSDEEP
3072:C44rj/lalvjK9xq67zt9lgRtFAvjK9xq67zt9lgRtFKo:pZNjWq6mROjWq6mRm
Behavioral task
behavioral1
Sample
e385b4d968eb4eebcef184812aa73d59_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e385b4d968eb4eebcef184812aa73d59_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
ayyak.zapto.org
Targets
-
-
Target
e385b4d968eb4eebcef184812aa73d59_JaffaCakes118
-
Size
187KB
-
MD5
e385b4d968eb4eebcef184812aa73d59
-
SHA1
419d009e271e2275102ff4a9fa23ed3b5bbd6ee4
-
SHA256
992084b98896a304eeae23ed0176ce5782e969e57e02664d7949b43e9474c9a5
-
SHA512
b665c1d409f4d1290f91a8801b20ba65ffad91920155246fe5631020ca64fa0d53494bde7af8b7d2e0de888c1c4c283002349e308e908af0de67c52d6940f024
-
SSDEEP
3072:C44rj/lalvjK9xq67zt9lgRtFAvjK9xq67zt9lgRtFKo:pZNjWq6mROjWq6mRm
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-