General
Target: e33bb2031416e672ef074fe9338fb175_JaffaCakes118
Size: 984KB
Sample: 240406-zc8cjabb54
MD5: e33bb2031416e672ef074fe9338fb175
SHA1: c79be70d4af23ba3b5f7c62a384b12bebd91eacb
SHA256: 2fc2ca2a65c0e13c02c9189ecdc0405e54f2da59fa1029df23a73a79f3efe96a
SHA512: 9f6deaf6755b2879dab2a61a5d25be47a6678bae3d3ffb4f29b7fc09719fb4b77459586f039460bacbffa329355717bc201395479d9f6c9ce4f071ca9b79003d
SSDEEP: 12288:9CdOy3vVrKxR5CXbNjAOxK/q2n+4YG/6c1mFFja3mXgcjfRlgsUBgaky9qJbl+KL:9Cdxte/80qYLT3U1jfsWaky0DHIQ
Static task: static1
Behavioral task: behavioral1
  Sample: e33bb2031416e672ef074fe9338fb175_JaffaCakes118.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: e33bb2031416e672ef074fe9338fb175_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: e33bb2031416e672ef074fe9338fb175_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
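The four registry signatures in the list above (WinLogon, policy Run key, Installed Components, Run key) each correspond to a fixed registry location that a sandbox compares before and after the sample runs. The script below is an added example, not part of this report or of the sandbox's own signature code: it parses two constructed .reg-style exports (a hypothetical clean baseline and a hypothetical post-execution snapshot; the `svchost.exe` path, the `Update` value name and the Active Setup GUID in them are invented, not observed from this sample) and maps every value added or changed under those locations to the signature name it would trigger.

```python
"""Map registry changes to the persistence signatures listed in this report.

Added example, not part of the Triage report or the sandbox's signature code.
Both registry exports below are constructed for illustration; the paths and
value names in them are hypothetical, not observed from this sample.
"""
import re

SIG_WINLOGON = "Modifies WinLogon for persistence"
SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_ACTIVE_SETUP = "Modifies Installed Components in the registry"
SIG_RUN = "Adds Run key to start application"

# Key-path suffixes (lower-cased) behind each signature.
WINLOGON = r"microsoft\windows nt\currentversion\winlogon"
POLICY_RUN = r"microsoft\windows\currentversion\policies\explorer\run"
ACTIVE_SETUP = r"microsoft\active setup\installed components"
RUN_KEY = r"microsoft\windows\currentversion\run"

# Constructed baseline snapshot (hypothetical clean machine).
BASELINE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"""

# Constructed post-execution snapshot (hypothetical; the svchost.exe copy in a
# user directory and the {0000...} GUID are invented, not from this sample).
AFTER_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Update"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="C:\\Users\\Public\\svchost.exe restart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Update"="C:\\Users\\Public\\svchost.exe"
"""


def parse_reg_export(text):
    """Parse a minimal .reg export (string values only) into {key: {name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        key_match = re.match(r"^\[(.+)\]$", line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        val_match = re.match(r'^(?:"([^"]+)"|@)="(.*)"$', line)
        if val_match and current is not None:
            name = val_match.group(1) or "(Default)"
            # .reg files escape backslashes in string data as "\\".
            keys[current][name] = val_match.group(2).replace("\\\\", "\\")
    return keys


def classify(key):
    """Return the signature a change under `key` maps to, or None."""
    key_l = key.lower()
    if key_l.endswith(WINLOGON):
        return SIG_WINLOGON
    if key_l.endswith(POLICY_RUN):
        return SIG_POLICY_RUN
    if ACTIVE_SETUP in key_l:  # Active Setup entries live in per-GUID subkeys
        return SIG_ACTIVE_SETUP
    if key_l.endswith(RUN_KEY):
        return SIG_RUN
    return None


def find_persistence(baseline_text, after_text):
    """Diff two exports and report added/changed values under monitored keys.

    Winlogon only matters for the values that name a program to launch
    (Shell, Userinit); Active Setup only via StubPath. Values already present
    and unchanged in the baseline (e.g. the OneDrive Run entry) are ignored.
    """
    baseline = parse_reg_export(baseline_text)
    findings = []
    for key, values in parse_reg_export(after_text).items():
        sig = classify(key)
        if sig is None:
            continue
        base = baseline.get(key, {})
        for name, data in values.items():
            if base.get(name) == data:
                continue
            if sig == SIG_WINLOGON and name.lower() not in ("shell", "userinit"):
                continue
            if sig == SIG_ACTIVE_SETUP and name.lower() != "stubpath":
                continue
            findings.append({"signature": sig, "key": key, "value": name,
                             "old": base.get(name), "new": data})
    return findings


if __name__ == "__main__":
    for f in find_persistence(BASELINE_EXPORT, AFTER_EXPORT):
        print(f"[{f['signature']}] {f['key']}\\{f['value']}: {f['old']!r} -> {f['new']!r}")
```

Running it on the two constructed snapshots yields one finding per signature: the appended Userinit program, the new policy Run value, the new Active Setup StubPath and the new Run value, while the pre-existing OneDrive Run entry is not reported because it is unchanged. RunOnce, Winlogon Notify entries and non-string value types are deliberately out of scope here; extend `classify` and the value regex if your own baseline diff needs them.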