General
-
Target
e3717940d2d4fa418843e9ab53bbb7a4_JaffaCakes118
-
Size
97KB
-
Sample
240406-2hdq8ada3t
-
MD5
e3717940d2d4fa418843e9ab53bbb7a4
-
SHA1
8528f756f6b1f14af29c9a4139bd37fd53b64175
-
SHA256
b745241d825fbf4a2f28e59431f18db627fd86b7d75016555bf6ce5142a89b24
-
SHA512
6e0392cfed6820b50ccf4317226b5595f4c3957abbe75d6bdb949b038e196dccc53d072029601f4c5402448287cd94c70156043c2635d4ffaf44f5ac30a5475b
-
SSDEEP
1536:qLWQa+NWAKxFN1Gt5BokrLMFGeSnZQAPRhHzTTaVEtT6dH8IVvby4gThM1O6xavH:ujXeSnZ1bTvD10vb09Mpxac4n7CHbk
Static task
static1
Behavioral task
behavioral1
Sample
e3717940d2d4fa418843e9ab53bbb7a4_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e3717940d2d4fa418843e9ab53bbb7a4_JaffaCakes118.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
xsstrema.no-ip.org
Targets
Target
e3717940d2d4fa418843e9ab53bbb7a4_JaffaCakes118
Score
10/10
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-