General
-
Target
e834e99912715814f2544c91b619f855_JaffaCakes118
-
Size
82KB
-
Sample
240408-xyz7yahd52
-
MD5
e834e99912715814f2544c91b619f855
-
SHA1
71c6fae429947386a8e3f0d71e47e8085a1dbaf5
-
SHA256
d85ce05fd44d376e8ef05cc4796abc7d6871eafc2689dc41c802c73676699fe6
-
SHA512
f278d9d406e070c599bdaecfac01b028bb35eb6b6c26a92a0b2651e7708714078c6fcc990a2d4f1a889792ee21736c5a20838dfb7809e67d704894a365a3d426
-
SSDEEP
1536:UN83vwiYtIqY2vPnhGpjK3fwI1+5AfvGFFykcZZivyd2B86:UN83vwTtIqjvPh4jKvwIaAfv6y16KEBJ
Static task
static1
Behavioral task
behavioral1
Sample
e834e99912715814f2544c91b619f855_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e834e99912715814f2544c91b619f855_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
sys-update.no-ip.info
Targets
-
-
Target
e834e99912715814f2544c91b619f855_JaffaCakes118
-
Size
82KB
-
MD5
e834e99912715814f2544c91b619f855
-
SHA1
71c6fae429947386a8e3f0d71e47e8085a1dbaf5
-
SHA256
d85ce05fd44d376e8ef05cc4796abc7d6871eafc2689dc41c802c73676699fe6
-
SHA512
f278d9d406e070c599bdaecfac01b028bb35eb6b6c26a92a0b2651e7708714078c6fcc990a2d4f1a889792ee21736c5a20838dfb7809e67d704894a365a3d426
-
SSDEEP
1536:UN83vwiYtIqY2vPnhGpjK3fwI1+5AfvGFFykcZZivyd2B86:UN83vwTtIqjvPh4jKvwIaAfv6y16KEBJ
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-