General
-
Target
ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118
-
Size
301KB
-
Sample
240411-fv871adb27
-
MD5
ecbbeb93d61f0d6fd5b002749e4acd3b
-
SHA1
b13339519df07c12ef58704623d7f923e6086a78
-
SHA256
40248f33d959495f8f7b35c15f1858a31d874ef3366f2bd6f624138ea6d4b70a
-
SHA512
35921ea2c73d4a81837d5d112d49d1f5cb922a63f8e4a87ebc1ad4ac2795369fa35478262c1e9146cdf36ac72e22dd6508825322b02a569c579f2948ef7ac137
-
SSDEEP
6144:ouwcImdB0feFQ4cV4PyVQMPOQztf3Dbpj1nZAbos/Fu28Ah:oJKd694PyVQ2tf/7nXs/Fnb
Static task
static1
Behavioral task
behavioral1
Sample
ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
antonio130.no-ip.org
Targets
-
-
Target
ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-