General
Target: f519aa6774d204dbb68c11a87863e616_JaffaCakes118
Size: 156KB
Sample: 240417-fs6zvsed63
MD5: f519aa6774d204dbb68c11a87863e616
SHA1: e2a6b227dec48a165213d42c032206b48d75d5e5
SHA256: 4683106380261c8226dd80fca13a311bc9365860df2585b0c63e354cd49176a1
SHA512: b58bfacb61df459ef9720ae2351437cc595a761b28ab5679925515b153e184cc5c3a7d61c23f4b897df878db053987ce1692cd19dfb71256cc391defcc5be803
SSDEEP: 3072:0ax843eEryI02N/6thgrLPOMJrZO/IcdV5+D7ltx401aqMqtEWCQYzNONF:0E3vr3NWhQLmMV4kbiHWtEWg0NF
Static task: static1
Behavioral task: behavioral1
  Sample: f519aa6774d204dbb68c11a87863e616_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f519aa6774d204dbb68c11a87863e616_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: xtremerat
wasel.no-ip.biz
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Suspicious use of SetThreadContext