General
-
Target
f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118
-
Size
96KB
-
Sample
240418-pmpytseb7v
-
MD5
f7fd62bc8ea8d33b6de88d70efc3939d
-
SHA1
e718851000559e67c3dc8b0d8fc80a4d66037d95
-
SHA256
57d1cad67b4e7bdfb6ddd4bf5463c5aa614f1ac716bb3ef2e0177715c91e2e18
-
SHA512
99badc0f70ca9408cd9263e13c4b68c57ada52a371c1a61690063fe3f6df11c742cbda4214220b3230287084b5c2e1a5d6281fe180fdcc243ae20afa02058b8a
-
SSDEEP
1536:NfEUHeDF9gpI35hXsLdCWWdWzK4Q4f/TXWarz3GThv:NfE8EupGXs9W49bWqrGlv
Static task
static1
Behavioral task
behavioral1
Sample
f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
dannymatrix.no-ip.org
Targets
-
-
Target
f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118
-
Size
96KB
-
MD5
f7fd62bc8ea8d33b6de88d70efc3939d
-
SHA1
e718851000559e67c3dc8b0d8fc80a4d66037d95
-
SHA256
57d1cad67b4e7bdfb6ddd4bf5463c5aa614f1ac716bb3ef2e0177715c91e2e18
-
SHA512
99badc0f70ca9408cd9263e13c4b68c57ada52a371c1a61690063fe3f6df11c742cbda4214220b3230287084b5c2e1a5d6281fe180fdcc243ae20afa02058b8a
-
SSDEEP
1536:NfEUHeDF9gpI35hXsLdCWWdWzK4Q4f/TXWarz3GThv:NfE8EupGXs9W49bWqrGlv
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-