General
-
Target
e89200d7feab7de79a4be3045e3033a0_JaffaCakes118
-
Size
85KB
-
Sample
240408-2ehk1adf76
-
MD5
e89200d7feab7de79a4be3045e3033a0
-
SHA1
15116bda4d6dce12ce15371c61806d65c9d0ecde
-
SHA256
aebcee73ed752e334da81ddbbfa30cf0e42dab6b9b25271244d03247239f8149
-
SHA512
eb2c5bf0a649d019563a3048e988397b550a5ed96383a14a49de6592d082aa28fbaa8bb2b96e8f4805f5aa58a0501f9cdca429d84ebbaa8f0121c87ed36eaca0
-
SSDEEP
1536:Wd22wdjPAtpRQSQcs7QXFEmZQQGfjswHgEv0xlBkhB+Z+EuE:WU2wdklHFX6m6rLfAEv0xlBkf+YEb
Static task
static1
Behavioral task
behavioral1
Sample
e89200d7feab7de79a4be3045e3033a0_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e89200d7feab7de79a4be3045e3033a0_JaffaCakes118.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
e89200d7feab7de79a4be3045e3033a0_JaffaCakes118
-
Size
85KB
-
MD5
e89200d7feab7de79a4be3045e3033a0
-
SHA1
15116bda4d6dce12ce15371c61806d65c9d0ecde
-
SHA256
aebcee73ed752e334da81ddbbfa30cf0e42dab6b9b25271244d03247239f8149
-
SHA512
eb2c5bf0a649d019563a3048e988397b550a5ed96383a14a49de6592d082aa28fbaa8bb2b96e8f4805f5aa58a0501f9cdca429d84ebbaa8f0121c87ed36eaca0
-
SSDEEP
1536:Wd22wdjPAtpRQSQcs7QXFEmZQQGfjswHgEv0xlBkhB+Z+EuE:WU2wdklHFX6m6rLfAEv0xlBkf+YEb
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-