General
-
Target
f98d60bc75e136c0c30d568f1b72fda1_JaffaCakes118
-
Size
149KB
-
Sample
240419-fj3wvahd65
-
MD5
f98d60bc75e136c0c30d568f1b72fda1
-
SHA1
f5142c523bafa804df62052061bce28cae52888d
-
SHA256
73714b15beafd757fa25477892eb5113fa875b27b78d9d8d1740a09beea66881
-
SHA512
dc205cf8a5f4b67cd0164e1ae13209b8d8c15f320c7d67c26feb43cbe6d3dbee6d3a5fa66652a0cc21084ed6aa175a8b18bf5017d82a0bd7cfc1ea307327ed31
-
SSDEEP
3072:kcLBFytaT80yMl8I8YPhiogPt5sHTee/Xmu0ThMBhSUQBgsv:kGytGByk8gPhzSIY7+sv
Static task
static1
Behavioral task
behavioral1
Sample
f98d60bc75e136c0c30d568f1b72fda1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f98d60bc75e136c0c30d568f1b72fda1_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
dannymatrix.no-ip.org
Targets
-
-
Target
f98d60bc75e136c0c30d568f1b72fda1_JaffaCakes118
-
Size
149KB
-
MD5
f98d60bc75e136c0c30d568f1b72fda1
-
SHA1
f5142c523bafa804df62052061bce28cae52888d
-
SHA256
73714b15beafd757fa25477892eb5113fa875b27b78d9d8d1740a09beea66881
-
SHA512
dc205cf8a5f4b67cd0164e1ae13209b8d8c15f320c7d67c26feb43cbe6d3dbee6d3a5fa66652a0cc21084ed6aa175a8b18bf5017d82a0bd7cfc1ea307327ed31
-
SSDEEP
3072:kcLBFytaT80yMl8I8YPhiogPt5sHTee/Xmu0ThMBhSUQBgsv:kGytGByk8gPhzSIY7+sv
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-