General
-
Target
f0c970f8c93e1635df918a56e647fd78_JaffaCakes118
-
Size
134KB
-
Sample
240415-lzg7zabf63
-
MD5
f0c970f8c93e1635df918a56e647fd78
-
SHA1
f323ae551d6822308eaa9c9ed887c07185fd1953
-
SHA256
675b8a12a40dfb0f2b65b373fb6de7afce122eeb0747e2535eced225217917c2
-
SHA512
19e37122776dbb01eef5bfaf694a41c776e013be32d2c71bfe0da08e6c3631790ccbc2821611f3d368968154616ed3898fb3eb5574d9631fbec262094eff93f3
-
SSDEEP
3072:ypPOYRo1sD9IDPb/o7jNGMFhXv+vJ2eSxMPzrc77OWw8x8c:CPOYRoYaPb/oN3/hebc769/c
Static task
static1
Behavioral task
behavioral1
Sample
f0c970f8c93e1635df918a56e647fd78_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f0c970f8c93e1635df918a56e647fd78_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f0c970f8c93e1635df918a56e647fd78_JaffaCakes118
-
Size
134KB
-
MD5
f0c970f8c93e1635df918a56e647fd78
-
SHA1
f323ae551d6822308eaa9c9ed887c07185fd1953
-
SHA256
675b8a12a40dfb0f2b65b373fb6de7afce122eeb0747e2535eced225217917c2
-
SHA512
19e37122776dbb01eef5bfaf694a41c776e013be32d2c71bfe0da08e6c3631790ccbc2821611f3d368968154616ed3898fb3eb5574d9631fbec262094eff93f3
-
SSDEEP
3072:ypPOYRo1sD9IDPb/o7jNGMFhXv+vJ2eSxMPzrc77OWw8x8c:CPOYRoYaPb/oN3/hebc769/c
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-