General
-
Target
f47c9b8d2c51230830d4575ad4647237_JaffaCakes118
-
Size
971KB
-
Sample
240416-2kxxwaga8v
-
MD5
f47c9b8d2c51230830d4575ad4647237
-
SHA1
99b6ce244240ed1996b9e63d072f9379350ba049
-
SHA256
c3b72e467295324862f281885750d3d860c7a6b2bd2af9b1117632750e39b071
-
SHA512
cf88181f05f7d20b6e480c23e47b20df8b4c4ac733aa3c62c46a73cc734bdf7258b43d175d1cd13302aadf4d9a72988fa6bb1d06d279445ddacc770dac3a4370
-
SSDEEP
12288:eaWzgMg7v3qnCiMErQohh0F4CCJ8lny/QCIgKKM4YV/Z2Sr:paHMv6Corjqny/QBR1V/Z2u
Static task
static1
Behavioral task
behavioral1
Sample
f47c9b8d2c51230830d4575ad4647237_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f47c9b8d2c51230830d4575ad4647237_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f47c9b8d2c51230830d4575ad4647237_JaffaCakes118
-
Size
971KB
-
MD5
f47c9b8d2c51230830d4575ad4647237
-
SHA1
99b6ce244240ed1996b9e63d072f9379350ba049
-
SHA256
c3b72e467295324862f281885750d3d860c7a6b2bd2af9b1117632750e39b071
-
SHA512
cf88181f05f7d20b6e480c23e47b20df8b4c4ac733aa3c62c46a73cc734bdf7258b43d175d1cd13302aadf4d9a72988fa6bb1d06d279445ddacc770dac3a4370
-
SSDEEP
12288:eaWzgMg7v3qnCiMErQohh0F4CCJ8lny/QCIgKKM4YV/Z2Sr:paHMv6Corjqny/QBR1V/Z2u
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-