General
Target: f92322b3b28f947cb9d7cd80eb571c28_JaffaCakes118
Size: 100KB
Sample: 240419-a652tscg21
MD5: f92322b3b28f947cb9d7cd80eb571c28
SHA1: 4a1e272a0b4f3fc0243ba8c7ea027cc77cc46ce7
SHA256: 64001fe73360c8d022d61377852fee9d66ad79f267378638509419531d44b263
SHA512: fd23af2f8c4dc36619d552a916a517a78c3d0c077a75240a6b9008a3d753c77dcfc8f25dc023c096bc4f6136e45cdc24da1180285df586e667db00d00d1c7904
SSDEEP: 1536:y9ZQxjwFxx08go02rJR40g5zMLJWtInstC6ak/G+W2PNr5:y/QUeto02E5zMEtsstC6p/9r5
Static task: static1

Behavioral task: behavioral1
Sample: f92322b3b28f947cb9d7cd80eb571c28_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f92322b3b28f947cb9d7cd80eb571c28_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: xtremerat
netkore.no-ip.org
Targets
Target: f92322b3b28f947cb9d7cd80eb571c28_JaffaCakes118
Size: 100KB
MD5: f92322b3b28f947cb9d7cd80eb571c28
SHA1: 4a1e272a0b4f3fc0243ba8c7ea027cc77cc46ce7
SHA256: 64001fe73360c8d022d61377852fee9d66ad79f267378638509419531d44b263
SHA512: fd23af2f8c4dc36619d552a916a517a78c3d0c077a75240a6b9008a3d753c77dcfc8f25dc023c096bc4f6136e45cdc24da1180285df586e667db00d00d1c7904
SSDEEP: 1536:y9ZQxjwFxx08go02rJR40g5zMLJWtInstC6ak/G+W2PNr5:y/QUeto02E5zMEtsstC6p/9r5
Score: 10/10

Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL