General
-
Target
ec51c6ccad6e3f1fd875d1e29f0155ca_JaffaCakes118
-
Size
181KB
-
Sample
240411-awag6sae3y
-
MD5
ec51c6ccad6e3f1fd875d1e29f0155ca
-
SHA1
0e58dd8ea63f8d6939e9ce2f5385a2236e7ba1a8
-
SHA256
01691a9d128ce429d0b317baf5cd18fffd1391bf61abf9eb8d20809dc66c3c12
-
SHA512
93f1425efd33a378a5e259e4f8cb64f049056bd72939ed9e0449988e1bb772d41f74fd7e8997df36876f8f915ec24c0bc9461a35b58a028bd60587f8430ea338
-
SSDEEP
3072:1cCX8ZeBRh9CFEDRWBoJpCVEcqSJ2aobRgmFD00:EZeBRSE9W/RkgmF40
Static task
static1
Behavioral task
behavioral1
Sample
ec51c6ccad6e3f1fd875d1e29f0155ca_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ec51c6ccad6e3f1fd875d1e29f0155ca_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
angham.no-ip.biz
Targets
-
-
Target
ec51c6ccad6e3f1fd875d1e29f0155ca_JaffaCakes118
-
Size
181KB
-
MD5
ec51c6ccad6e3f1fd875d1e29f0155ca
-
SHA1
0e58dd8ea63f8d6939e9ce2f5385a2236e7ba1a8
-
SHA256
01691a9d128ce429d0b317baf5cd18fffd1391bf61abf9eb8d20809dc66c3c12
-
SHA512
93f1425efd33a378a5e259e4f8cb64f049056bd72939ed9e0449988e1bb772d41f74fd7e8997df36876f8f915ec24c0bc9461a35b58a028bd60587f8430ea338
-
SSDEEP
3072:1cCX8ZeBRh9CFEDRWBoJpCVEcqSJ2aobRgmFD00:EZeBRSE9W/RkgmF40
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-