General
Target: f1197adf8e213a524ad6b4570abb4a8a_JaffaCakes118
Size: 248KB
Sample: 240415-p4vkmseg74
MD5: f1197adf8e213a524ad6b4570abb4a8a
SHA1: 25298521e4e1450a17b28affc854995540ebde48
SHA256: 977624eaf16f2c9f9cf2948e3aedc3ab0fb63de1ef967611aeba8a6780e45d45
SHA512: f2f4fa02f46b8046d0dec0915ad7761a533b53fca42f1240d623d66472af74f8753e4b5c09d042123aca04df2696357015a6b433743f3f66248a2858cfcabdf1
SSDEEP: 3072:LfiQUSKagWQdZQyns1kDNow0LdEWebqIDY3w2:nkNovLTebqIDY
Static task: static1
Behavioral task: behavioral1
  Sample: f1197adf8e213a524ad6b4570abb4a8a_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f1197adf8e213a524ad6b4570abb4a8a_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: xtremerat
C2: firefox-dmm.sytes.net
C2: google-pro.dyndns.info
Targets
Target: f1197adf8e213a524ad6b4570abb4a8a_JaffaCakes118 (248KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
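As an added example that is not part of this sandbox report: a small Python matcher that takes the file hashes and the two extracted C2 hostnames from this page and checks them against file contents and DNS query log lines. The log lines, their field layout, the client IPs and the broader hunt over the parent dynamic-DNS zones are assumptions made for the example.

```python
import hashlib
import re

# Indicators copied from this report.
FILE_HASHES = {
    "md5": "f1197adf8e213a524ad6b4570abb4a8a",
    "sha1": "25298521e4e1450a17b28affc854995540ebde48",
    "sha256": "977624eaf16f2c9f9cf2948e3aedc3ab0fb63de1ef967611aeba8a6780e45d45",
}
C2_HOSTS = {"firefox-dmm.sytes.net", "google-pro.dyndns.info"}

# Parent dynamic-DNS zones of the two C2 hosts. Flagging every query under
# them is a broader hunt than the report supports; whether that noise level
# is acceptable is an assumption about the environment.
DDNS_ZONES = ("sytes.net", "dyndns.info")


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for a blob of file content."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_path(path: str) -> dict:
    """Same as hash_bytes, reading the file from disk in chunks."""
    hashers = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_matches(hashes: dict) -> bool:
    """True if any supplied digest equals the report's digest for that algorithm.

    Comparison is case-insensitive because tools emit hex in either case.
    """
    return any(FILE_HASHES.get(alg) == value.lower() for alg, value in hashes.items())


# Constructed DNS query log lines (not from the report). Assumed layout:
# "<date> <time> <client-ip> query <type> <qname>".
SAMPLE_DNS_LOG = """\
2024-04-15 12:01:03 10.0.0.5 query A www.example.com
2024-04-15 12:01:09 10.0.0.7 query A firefox-dmm.sytes.net
2024-04-15 12:02:11 10.0.0.7 query A GOOGLE-PRO.dyndns.info.
2024-04-15 12:03:40 10.0.0.9 query A updates.sytes.net
"""

QUERY_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<client>\S+) query \S+ (?P<qname>\S+)$")


def normalize_qname(name: str) -> str:
    """Strip a trailing root dot and lower-case so matching is exact."""
    return name.rstrip(".").lower()


def scan_dns_log(text: str):
    """Return (exact_hits, zone_hits), each a list of (client, qname).

    exact_hits are queries for the C2 hostnames in the report; zone_hits are
    other queries under the same dynamic-DNS zones, kept separate for review.
    """
    exact, zone = [], []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        qname = normalize_qname(m["qname"])
        if qname in C2_HOSTS:
            exact.append((m["client"], qname))
        elif qname.endswith(tuple("." + z for z in DDNS_ZONES)):
            zone.append((m["client"], qname))
    return exact, zone


if __name__ == "__main__":
    print(scan_dns_log(SAMPLE_DNS_LOG))
```

The exact-match list is the actionable one; the zone list exists only so a reviewer can see other hosts on the same dynamic-DNS providers without treating them as confirmed hits.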