General
Target: e26812cdddfce9e9a18567d24f998e76_JaffaCakes118
Size: 73KB
Sample: 240406-m9jdfshe92
MD5: e26812cdddfce9e9a18567d24f998e76
SHA1: aecf41bd6145b25dfb8d59155e8a42995a3c50fb
SHA256: 744059fc8c989526ac33f8d85e7e8478a3eed48b2dff3e9574ab65bbb6f2494a
SHA512: 954762f6d4c91dccf52460832bcdd645d9f4cb960f2d8fd61b9c875697e3fc8ea55097dd3985885ef4823b90416a7dea2129a2c4db12fe3cc919ac129beed573
SSDEEP: 1536:1w2CL58G8H5G0SsNGIGoEl9je3Qw0HSSbiZsfHxHoiPX:+9nUNioEbje3Qw0HSSbks95

Static task: static1

Behavioral task: behavioral1
Sample: e26812cdddfce9e9a18567d24f998e76_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: e26812cdddfce9e9a18567d24f998e76_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Malware Config
Targets
Target: e26812cdddfce9e9a18567d24f998e76_JaffaCakes118
Score: 10/10

Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Loads dropped DLL

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext