General
-
Target
e50b11cd30d4358daac37c9d100f3b42_JaffaCakes118
-
Size
324KB
-
Sample
240407-qsln2ade7y
-
MD5
e50b11cd30d4358daac37c9d100f3b42
-
SHA1
6674b25458bd077b6dc9c873f2db5181ab980bea
-
SHA256
807b521cf7ce4b7002d31883800c60e35a4c56e32581d1615e06d3698b50c4f1
-
SHA512
0d72446950e322013ac0c3e6a7f1949f97f187f7934ad2416c2209c0d84b79e9c58c31d12d0f009cc5a60b205787e0940fb40859e966de30677b8d56fac99909
-
SSDEEP
3072:x4SkDDRU/bLtDaN4UbqgQKYOZFLvy5Lq46HS5axvk3LS:Vq46HS5axvk
Static task
static1
Behavioral task
behavioral1
Sample
e50b11cd30d4358daac37c9d100f3b42_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e50b11cd30d4358daac37c9d100f3b42_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
wasel.no-ip.biz
Targets
-
-
Target
e50b11cd30d4358daac37c9d100f3b42_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-