General
-
Target
ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118
-
Size
94KB
-
Sample
240409-tapjraeg8y
-
MD5
ea5a0fe7f15672f1b24560513b82c616
-
SHA1
b80f5aec460266ad03a507b4b57bec7f21a4da65
-
SHA256
9768e004105a7fbdff97a5fdbadf05d23e0f404b5ffb8580c332108a1227d639
-
SHA512
0260a332e5cf2a7659ee45ac5d892eb5be046e8dfc28b9b6b0667a3024f1b966a10c4b1779e640bd816a30b7adb53a5bc0ad421ceef1db6ca98a22727e9176e8
-
SSDEEP
1536:zHw+A9jYNMCHrrMPIE+VWL4zu/7ogBLj2amChjQG7NpgFg8FKY7cj:TY5QHrrNE+Vi/Np2aBd7YgiK/j
Static task
static1
Behavioral task
behavioral1
Sample
ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
boika.zapto.org
Targets
-
-
Target
ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118
-
Size
94KB
-
MD5
ea5a0fe7f15672f1b24560513b82c616
-
SHA1
b80f5aec460266ad03a507b4b57bec7f21a4da65
-
SHA256
9768e004105a7fbdff97a5fdbadf05d23e0f404b5ffb8580c332108a1227d639
-
SHA512
0260a332e5cf2a7659ee45ac5d892eb5be046e8dfc28b9b6b0667a3024f1b966a10c4b1779e640bd816a30b7adb53a5bc0ad421ceef1db6ca98a22727e9176e8
-
SSDEEP
1536:zHw+A9jYNMCHrrMPIE+VWL4zu/7ogBLj2amChjQG7NpgFg8FKY7cj:TY5QHrrNE+Vi/Np2aBd7YgiK/j
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-