General
-
Target
f36e9ca4cd36d196f61291eb76e6652c_JaffaCakes118
-
Size
440KB
-
Sample
240416-nzgbsabd5z
-
MD5
f36e9ca4cd36d196f61291eb76e6652c
-
SHA1
ceee9ab9d12b36e45389858dc90acc6d7b02b0b0
-
SHA256
6bc8932d86ba0cfcdddeaf7c79288014154c1ee1577b9e0627c9051219bdd72d
-
SHA512
af23d19513e68f6eba027869fdf6b844f53239cfdc7a9ddb28920179f622841021639f6ee5879567ef3d1d642fab474bf08fa26fc705229964f474eb219340db
-
SSDEEP
3072:lRzHSz4SkDDRU/bLtDaN4UbqgQKYOZFLvyu1YIswNG1yGHjrwxiT09zN6rQ34x:DzdYIRNG1ygrwxE09x6rQK
Static task
static1
Behavioral task
behavioral1
Sample
f36e9ca4cd36d196f61291eb76e6652c_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f36e9ca4cd36d196f61291eb76e6652c_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
y32.no-ip.biz
Targets
-
-
Target
f36e9ca4cd36d196f61291eb76e6652c_JaffaCakes118
-
Size
440KB
-
MD5
f36e9ca4cd36d196f61291eb76e6652c
-
SHA1
ceee9ab9d12b36e45389858dc90acc6d7b02b0b0
-
SHA256
6bc8932d86ba0cfcdddeaf7c79288014154c1ee1577b9e0627c9051219bdd72d
-
SHA512
af23d19513e68f6eba027869fdf6b844f53239cfdc7a9ddb28920179f622841021639f6ee5879567ef3d1d642fab474bf08fa26fc705229964f474eb219340db
-
SSDEEP
3072:lRzHSz4SkDDRU/bLtDaN4UbqgQKYOZFLvyu1YIswNG1yGHjrwxiT09zN6rQ34x:DzdYIRNG1ygrwxE09x6rQK
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-