General
Target: f64105225170d5d38119d404fdddb7f7_JaffaCakes118
Size: 89KB
Sample: 240417-vjteqsgb33
MD5: f64105225170d5d38119d404fdddb7f7
SHA1: da21086ac37f205e0172df3b01e3240d8dbf3c71
SHA256: f8be8210805905d446fe4200fb72ae278b02fe96d1a50745d6d7b1bdcee94723
SHA512: 2a3526250e830c407d4c6b3f6db0cd24808767f560678ec7854a44d7a386f9746704f221d6cb365d0386987b9061730133743a4f4856e38b2af8affe225c6b70
SSDEEP: 1536:2XSJGKVKde7IPwZZlPiBiQqPgPL1TX9S23m51SK1LA4F2IzbQ:2eGWEeMPwZ7Pi/RSxSK5F2mQ
Static task: static1
Behavioral task: behavioral1
Sample: f64105225170d5d38119d404fdddb7f7_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f64105225170d5d38119d404fdddb7f7_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: xtremerat
Extracted host: wer99.no-ip.org (a No-IP dynamic-DNS hostname taken from the sample's embedded configuration; resolve and block it rather than pinning an IP, since dynamic-DNS records change)
Targets
Target: f64105225170d5d38119d404fdddb7f7_JaffaCakes118 (89KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: developed by xtremecoder, written in Delphi, and available since at least 2010.
- Modifies Installed Components in the registry (Active Setup persistence under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; a StubPath there runs at the next user logon)
- Adds Run key to start application (autostart via ...\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (typically seen when a process rewrites the context of a suspended thread to redirect execution, as in process hollowing or thread hijacking)
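The hashes, the extracted hostname and the two persistence signatures above are the findings a responder would actually hunt for. The following script is an added example, not code from the sandbox report or from XtremeRAT's author: it checks a file against the report's hash IOCs, maps Sysmon-style registry SetValue events (Event ID 13) onto the report's two registry signatures, and flags DNS queries (Event ID 22) for wer99.no-ip.org. The event records, process paths, SID and GUID in it are constructed for the example and are not output of the sandbox run; the signature name "DNS query for extracted host" is my label, not one from the report.

```python
"""Check host telemetry for the behaviours the report above flags.

Added example; not code from the sandbox report or from the XtremeRAT author.
The event records in CONSTRUCTED_EVENTS are made up for this example and are
shaped like Sysmon Event ID 13 (RegistryEvent SetValue) and Event ID 22
(DNSEvent) fields; they are not output of the sandbox run.
"""
import hashlib
import re

# IOCs copied from the report's General section.
REPORT_HASHES = {
    "md5": "f64105225170d5d38119d404fdddb7f7",
    "sha1": "da21086ac37f205e0172df3b01e3240d8dbf3c71",
    "sha256": "f8be8210805905d446fe4200fb72ae278b02fe96d1a50745d6d7b1bdcee94723",
}
C2_HOST = "wer99.no-ip.org"   # value extracted from the xtremerat config

# Signature names as they appear in the report, used as result keys.
SIG_RUN_KEY = "Adds Run key to start application"
SIG_INSTALLED_COMPONENTS = "Modifies Installed Components in the registry"
SIG_C2_DNS = "DNS query for extracted host"   # assumed label, not in the report

# ...\Microsoft\Windows\CurrentVersion\Run or RunOnce, any value name, any hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# HKLM\SOFTWARE[\Wow6432Node]\Microsoft\Active Setup\Installed Components\{GUID}\...
ACTIVE_SETUP_RE = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute the three hashes the report lists (SSDEEP needs an extra library)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three hashes equal the sample's; one matching hash is not enough."""
    return hash_bytes(data) == REPORT_HASHES


def classify_registry_event(target_object: str) -> list:
    """Return the report signatures a Sysmon EID 13 TargetObject path triggers."""
    hits = []
    if RUN_KEY_RE.search(target_object):
        hits.append(SIG_RUN_KEY)
    if ACTIVE_SETUP_RE.search(target_object):
        hits.append(SIG_INSTALLED_COMPONENTS)
    return hits


def is_c2_lookup(query_name: str) -> bool:
    """Exact, case-insensitive match on the extracted hostname (trailing dot tolerated)."""
    return query_name.rstrip(".").lower() == C2_HOST


def triage(events: list) -> dict:
    """Group the offending process image under each signature it triggers."""
    result = {SIG_RUN_KEY: [], SIG_INSTALLED_COMPONENTS: [], SIG_C2_DNS: []}
    for ev in events:
        if ev["EventID"] == 13:
            for sig in classify_registry_event(ev["TargetObject"]):
                result[sig].append(ev["Image"])
        elif ev["EventID"] == 22 and is_c2_lookup(ev["QueryName"]):
            result[SIG_C2_DNS].append(ev["Image"])
    return result


# Constructed sample telemetry: paths, SID and GUID are placeholders, not from the run.
CONSTRUCTED_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\payload.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath",
     "Details": r"C:\Users\user\AppData\Roaming\payload.exe"},
    # Benign: Explorer toggling a view setting under the same hive must not fire.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 22, "Image": r"C:\Users\user\Desktop\sample.exe",
     "QueryName": "wer99.no-ip.org."},
    {"EventID": 22, "Image": r"C:\Program Files\browser\browser.exe",
     "QueryName": "example.com"},
]

if __name__ == "__main__":
    for sig, images in triage(CONSTRUCTED_EVENTS).items():
        print(f"{sig}: {images or 'no hits'}")
```

The hostname check is deliberately exact; widening it to the whole no-ip.org zone would catch other dynamic-DNS users on the same provider and is a hunting decision rather than a detection rule. The Run-key pattern matches RunOnce as well but not RunServices, so add a separate pattern if older autostart keys matter in your environment.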