General
Target: e574c5b4bd8c3aa1bb01f4cec4e665e7_JaffaCakes118
Size: 243KB
Sample: 240407-vwz32saa75
MD5: e574c5b4bd8c3aa1bb01f4cec4e665e7
SHA1: 2c7687500578f37691e6ea794c39e2780f4362f1
SHA256: a0da3171a44b064723a9c4cc910ea7e8d8a146aeeff6fdfd8d17ea2f3714e82a
SHA512: 8472e794189b29857b56c0b5f6581effd18203454cc1901758ae663e2c2a467690504e1a4dceb9673820494811eb999405be0098950865accffb8e48775b991d
SSDEEP: 3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmGT:1jQwuYKs7M3jvEu1nkaCneT3NmEQ6
Static task: static1
Behavioral task: behavioral1
  Sample: e574c5b4bd8c3aa1bb01f4cec4e665e7_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e574c5b4bd8c3aa1bb01f4cec4e665e7_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: xtremerat
umtakcicek.dyndns.org
Targets
Target: e574c5b4bd8c3aa1bb01f4cec4e665e7_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of SetThreadContext