General
-
Target
f06f03b3a60a36a4e3e788eb78c4171c_JaffaCakes118
-
Size
44KB
-
Sample
240415-ga9tgaad2x
-
MD5
f06f03b3a60a36a4e3e788eb78c4171c
-
SHA1
987f9b949ac7c6170f0603057b36e64312bdda77
-
SHA256
ba4497aebee09d2b44f4c2b8bbcd1f132f09b359480c90a0722f5b239d6f5584
-
SHA512
870ec3ddb82fd4e29974cc6091e5eeefcbcc79dd9b9f66ddb1f14e68199b7b646856fee74c1fdd87a8a4d0f6c7fd36685119ccb45c467a04a5f8c7778f63da39
-
SSDEEP
768:BBr+tjFqTPkAlfztB1lr6an3smTA8uvm2MjCpPOzob:nyRUHlrL1lr6an3TLuvm25qob
Behavioral task
behavioral1
Sample
f06f03b3a60a36a4e3e788eb78c4171c_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f06f03b3a60a36a4e3e788eb78c4171c_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
mta.publicvm.com
Targets
-
-
Target
f06f03b3a60a36a4e3e788eb78c4171c_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-