General
- Target: e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118
- Size: 180KB
- Sample: 240406-xzgrzshc63
- MD5: e315b3d3e47bf4dc0c87d6c3b652e3fd
- SHA1: eada9af08cbc8e8007581bcc3bc12f3b37cec033
- SHA256: 5001b90597810359564614449589d00f9893845cc2a0a1ba189a4b8dc6f85afc
- SHA512: c07efac0f0cb512475f66a76ce5b617a4b1f369d2078c2e764734548cd1a62819b6ce258559a7bb9d333c8288a7c39ae2818f8d41def99f866f7acec5d6d393a
- SSDEEP: 768:6MnIqgFMg9dvtRKLltgqzGPwPIUn0nrWWWFGjx/bPriUWUGTxFbPrlpWPGyxebPe:6a09yltH3P5n0n6WWFgPWUmPWPQ
Behavioral task: behavioral1
- Sample: e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: xtremerat
- momo44.no-ip.biz
Targets
- Target: e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118
- Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory