General
-
Target
f8990aac3b3c7416ff5ba556b91b2ecc_JaffaCakes118
-
Size
512KB
-
Sample
240418-x3d59scf37
-
MD5
f8990aac3b3c7416ff5ba556b91b2ecc
-
SHA1
9be5966e60d241952eed89f53fb8d66272c1912a
-
SHA256
e1bbd1702acd3fd2479e6071e0da9850e275bea27ce7a2ec320dfb1836c4837f
-
SHA512
dff9ec2cc0577c9d022a3e31695eedca4920820d073045e874212f0bcbdc795c645676295483202abe66235b9417e5ee0e922212996994180ceae0d9969ef5db
-
SSDEEP
3072:7QqNjkGxTtEZbWOuoismfVYfRCfAzEZUM/9TgOoc/S68i9B0kVeC+vNW7+Xi2YKQ:7DNNxT6CX++K
Static task
static1
Behavioral task
behavioral1
Sample
f8990aac3b3c7416ff5ba556b91b2ecc_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f8990aac3b3c7416ff5ba556b91b2ecc_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
avera.zapto.org
Targets
-
-
Target
f8990aac3b3c7416ff5ba556b91b2ecc_JaffaCakes118
-
Size
512KB
-
MD5
f8990aac3b3c7416ff5ba556b91b2ecc
-
SHA1
9be5966e60d241952eed89f53fb8d66272c1912a
-
SHA256
e1bbd1702acd3fd2479e6071e0da9850e275bea27ce7a2ec320dfb1836c4837f
-
SHA512
dff9ec2cc0577c9d022a3e31695eedca4920820d073045e874212f0bcbdc795c645676295483202abe66235b9417e5ee0e922212996994180ceae0d9969ef5db
-
SSDEEP
3072:7QqNjkGxTtEZbWOuoismfVYfRCfAzEZUM/9TgOoc/S68i9B0kVeC+vNW7+Xi2YKQ:7DNNxT6CX++K
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-