General

Target: e6d46e38e12073aa2d47ebede0e35751_JaffaCakes118
Size: 157KB
Sample: 240408-g59rysaf88
MD5: e6d46e38e12073aa2d47ebede0e35751
SHA1: 12c412c8c29dc1ee9d7e0d5fc305e4864ae89804
SHA256: 7876c0589ac9803743229709fcb22fc2d1b67931d3564e335639e2ac2e3fb8e2
SHA512: f39bfb0cee6218c22f47cbcef67cd9cc2dcda6b51dbc62db06d05995cd2c934fd9fc612741188df76e1248d9b5b9d76daecdc2ed65e03dd72d095d2f06e6a9db
SSDEEP: 3072:s0oXWJg/469j1fvAxDsaNib+pheIbG4I08+ACyT3nOGY9MMsaVtH+Hu:s0oGkjBYxQnb+aYvIL+n43BYGkVta
Behavioral task: behavioral1
Sample: e6d46e38e12073aa2d47ebede0e35751_JaffaCakes118.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: e6d46e38e12073aa2d47ebede0e35751_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: xtremerat
C2 host: rabah1627.zapto.org
Targets
Target: e6d46e38e12073aa2d47ebede0e35751_JaffaCakes118 (157KB; hashes as listed under General above)
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: developed by xtremecoder, written in Delphi, and available since at least 2010.
- Modifies Installed Components in the registry (the Active Setup key under HKLM\Software\Microsoft\Active Setup\Installed Components, a persistence location)
- Adds Run key to start application
- Suspicious use of SetThreadContext (typical of process hollowing/RunPE-style injection into a suspended process)
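The report above gives three kinds of indicators a defender can act on: the file hashes, the extracted C2 host, and the two registry persistence signatures. The following is an added example of turning them into a small matcher; it is editor-written illustration code, not output of the sandbox or code from the XtremeRAT author. The hashes, the C2 host and the registry key paths are taken from the report; the Sysmon-style log lines and the field-parsing regex are constructed here for the demonstration, and the host check deliberately refuses to match the zapto.org dynamic-DNS parent or a look-alike suffix.

```python
"""Added example: match this report's indicators against files and log lines.
Hashes, C2 host and registry paths come from the report; the log lines below
are constructed for illustration and are not real telemetry."""
import hashlib
import re

# File hashes copied from the report (lower-case hex).
IOC_HASHES = {
    "md5": "e6d46e38e12073aa2d47ebede0e35751",
    "sha1": "12c412c8c29dc1ee9d7e0d5fc305e4864ae89804",
    "sha256": "7876c0589ac9803743229709fcb22fc2d1b67931d3564e335639e2ac2e3fb8e2",
}
# C2 host from the extracted XtremeRAT config. zapto.org itself is a No-IP
# dynamic-DNS parent, so only this exact host (and subdomains of it) counts.
C2_HOST = "rabah1627.zapto.org"

# Registry locations behind the "Adds Run key" and "Modifies Installed
# Components" signatures (standard persistence paths, not sample-specific).
# Substring matching means RunOnce is caught as well, which is intended.
PERSISTENCE_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Active Setup\Installed Components",
)
ALGS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute the digests used in the report for an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: str) -> dict:
    """Stream a file through the same digests so large files stay cheap."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def lookup_hash(digest: str):
    """Algorithm name if a digest (any case) equals one of the report's, else None."""
    d = digest.strip().lower()
    for alg, known in IOC_HASHES.items():
        if d == known:
            return alg
    return None


def matches_known_sample(data: bytes) -> list:
    """Algorithms under which `data` hashes to the reported sample."""
    digests = hash_bytes(data)
    return [alg for alg, known in IOC_HASHES.items() if digests[alg] == known]


def is_c2_host(name: str) -> bool:
    """True for the C2 host or a subdomain of it; False for the dynamic-DNS
    parent and for look-alikes such as rabah1627.zapto.org.example.net."""
    n = name.strip().lower().rstrip(".")
    return n == C2_HOST or n.endswith("." + C2_HOST)


def is_persistence_key(reg_path: str) -> bool:
    """True if a registry path lies under a Run or Installed Components key."""
    p = reg_path.lower().replace("/", "\\")
    return any(k.lower() in p for k in PERSISTENCE_KEYS)


# Constructed Sysmon-style lines: DNS query (Event 22) and registry value
# set (Event 13) events, with benign noise and a look-alike domain mixed in.
SAMPLE_LOG = [
    "EventID=22 Image=C:\\Users\\u\\AppData\\Roaming\\svchost.exe QueryName=rabah1627.zapto.org",
    "EventID=22 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe QueryName=www.zapto.org",
    "EventID=13 Image=C:\\Users\\u\\AppData\\Roaming\\svchost.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
    "EventID=13 Image=C:\\Windows\\explorer.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\Explorer\\Shell Folders\\Desktop",
    "EventID=22 Image=C:\\Windows\\System32\\svchost.exe QueryName=rabah1627.zapto.org.example.net",
]

# key=value pairs; values may contain spaces, so stop only before the next key.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def scan_log(lines) -> list:
    """Return (line_index, reason) pairs for lines matching the report's indicators."""
    hits = []
    for i, line in enumerate(lines):
        fields = dict(FIELD_RE.findall(line))
        if fields.get("EventID") == "22" and is_c2_host(fields.get("QueryName", "")):
            hits.append((i, "dns-query-to-c2"))
        elif fields.get("EventID") == "13" and is_persistence_key(fields.get("TargetObject", "")):
            hits.append((i, "persistence-registry-write"))
    return hits


if __name__ == "__main__":
    for idx, why in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {why}: {SAMPLE_LOG[idx]}")
```

Running the block flags only line 0 (the query for the exact C2 host) and line 2 (the Run key write); the www.zapto.org lookup and the look-alike suffix on line 4 are not reported. For real telemetry, feed `hash_file()` the suspect binary and `scan_log()` the exported Sysmon or EDR lines in the same key=value shape, or adapt `FIELD_RE` to the export format you have.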