General
-
Target
eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118
-
Size
101KB
-
Sample
240411-evta4sca73
-
MD5
eca542c1e38e0450e855d9cbb66e84e3
-
SHA1
232b969cd81831a87a80dd15eb708032eacddaf7
-
SHA256
5a7006def138c9b6eb1c71294f65c76b9b91ea2ed010f1854f1286fc5e6ec19b
-
SHA512
5445222b001c252fc520074f7a0deb0db4081c4d959f061400bd3974f77ab753edb3602b7d27ec5db34f02016d92bcb610d8e12355d0615b584a4611ad0540d3
-
SSDEEP
1536:h5e9TOXZmOy2F9q0adirLKlTkHJE4UkWgIVPRRVouCJU:hw9TMZmz2GirLKuH6VxX
Static task
static1
Behavioral task
behavioral1
Sample
eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
harshgupta.zapto.org
Targets
-
-
Target
eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118
-
Size
101KB
-
MD5
eca542c1e38e0450e855d9cbb66e84e3
-
SHA1
232b969cd81831a87a80dd15eb708032eacddaf7
-
SHA256
5a7006def138c9b6eb1c71294f65c76b9b91ea2ed010f1854f1286fc5e6ec19b
-
SHA512
5445222b001c252fc520074f7a0deb0db4081c4d959f061400bd3974f77ab753edb3602b7d27ec5db34f02016d92bcb610d8e12355d0615b584a4611ad0540d3
-
SSDEEP
1536:h5e9TOXZmOy2F9q0adirLKlTkHJE4UkWgIVPRRVouCJU:hw9TMZmz2GirLKuH6VxX
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-