General
-
Target
f05a02ef611cc0db1a64bb859a069497_JaffaCakes118
-
Size
376KB
-
Sample
240415-fhe4dshe5x
-
MD5
f05a02ef611cc0db1a64bb859a069497
-
SHA1
6f873621db30814be163f4ae3ddf2d71cb8fb2fa
-
SHA256
d5f343c90024ae4e5e427b813ab4cb009d12f5bc3d2ff33990418b0bfa76022d
-
SHA512
baa22020e303ab74c737e37c896ef518aecbe8658f120994898ae60912ce8e6dda4ba0d340c97aa4c587fde81a0b4e8f58fbf0f6ed36015dcd45208710892563
-
SSDEEP
6144:l1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59aI3yN5gyNA4:ljkArEN249AyE/rbaMct4bO2/VJyYyz
Behavioral task
behavioral1
Sample
f05a02ef611cc0db1a64bb859a069497_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f05a02ef611cc0db1a64bb859a069497_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
123vivalgerie.no-ip.biz
ƶallgeriaa.zapto.org
getdesktoppreviewinfo|130mahdidi.zapto.org
ƶ123vivalgerie.no-ip.biz
Targets
-
-
Target
f05a02ef611cc0db1a64bb859a069497_JaffaCakes118
-
Size
376KB
-
MD5
f05a02ef611cc0db1a64bb859a069497
-
SHA1
6f873621db30814be163f4ae3ddf2d71cb8fb2fa
-
SHA256
d5f343c90024ae4e5e427b813ab4cb009d12f5bc3d2ff33990418b0bfa76022d
-
SHA512
baa22020e303ab74c737e37c896ef518aecbe8658f120994898ae60912ce8e6dda4ba0d340c97aa4c587fde81a0b4e8f58fbf0f6ed36015dcd45208710892563
-
SSDEEP
6144:l1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59aI3yN5gyNA4:ljkArEN249AyE/rbaMct4bO2/VJyYyz
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-