General
-
Target
e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118
-
Size
377KB
-
Sample
240407-rn53jsec9z
-
MD5
e52157c7d5b90e4cb0a526920f9c4bba
-
SHA1
7cb4d04789929ddbd2328b6ae155dd778a30b7c2
-
SHA256
c59f63a6ac9ac434dd9e414e9a088a3196c9a6a9756ff087034eae49fd08a676
-
SHA512
9eebf6523a9ee21699e926bf6daa8d474564fc2520425fd0b3e7a187b1ec2a223d51a45680a201368e5cee2133b883d0e2d4a4c544006c1ffbdc938ae30feb9d
-
SSDEEP
6144:/2n8tZ8hI966AGkAjOpoaY7nEd/o5Z4HwK7MnDXPvMUKARegsaHJHTc8gNmEk:/2dq6xGJOpqbEu8GTPvMUjxdc8gNm
Static task
static1
Behavioral task
behavioral1
Sample
e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
xtremerat
far3on.zapto.org
Targets
-
-
Target
e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118
-
Size
377KB
-
MD5
e52157c7d5b90e4cb0a526920f9c4bba
-
SHA1
7cb4d04789929ddbd2328b6ae155dd778a30b7c2
-
SHA256
c59f63a6ac9ac434dd9e414e9a088a3196c9a6a9756ff087034eae49fd08a676
-
SHA512
9eebf6523a9ee21699e926bf6daa8d474564fc2520425fd0b3e7a187b1ec2a223d51a45680a201368e5cee2133b883d0e2d4a4c544006c1ffbdc938ae30feb9d
-
SSDEEP
6144:/2n8tZ8hI966AGkAjOpoaY7nEd/o5Z4HwK7MnDXPvMUKARegsaHJHTc8gNmEk:/2dq6xGJOpqbEu8GTPvMUjxdc8gNm
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-