General
-
Target
fa98f299330d2ca94971f373eace4d7c_JaffaCakes118
-
Size
51KB
-
Sample
240419-st3p2sgf7s
-
MD5
fa98f299330d2ca94971f373eace4d7c
-
SHA1
9d75b7eb3bd1d68788ad9b3c5952e3e9b7eadfb1
-
SHA256
639da9d81d90ad0f9df315c09acbf09c87150ea78a284d944d2f0ab990771f39
-
SHA512
d295c2a0bd2f767696b851818cfdfd69cb182fbe802952e17dd5d48bfe8acaaac87b4e37e8121696cf1f61ad5a520d8e5c16708883fe42041a06fc9024b3a667
-
SSDEEP
1536:p5QAEeWPJ3okPGZAZKF/O3uKSYk9Wa9oFqxbWX:pKAEeUJlGCeK6WwoFqxCX
Static task
static1
Behavioral task
behavioral1
Sample
fa98f299330d2ca94971f373eace4d7c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa98f299330d2ca94971f373eace4d7c_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
roin.no-ip.biz
Targets
-
-
Target
fa98f299330d2ca94971f373eace4d7c_JaffaCakes118
-
Size
51KB
-
MD5
fa98f299330d2ca94971f373eace4d7c
-
SHA1
9d75b7eb3bd1d68788ad9b3c5952e3e9b7eadfb1
-
SHA256
639da9d81d90ad0f9df315c09acbf09c87150ea78a284d944d2f0ab990771f39
-
SHA512
d295c2a0bd2f767696b851818cfdfd69cb182fbe802952e17dd5d48bfe8acaaac87b4e37e8121696cf1f61ad5a520d8e5c16708883fe42041a06fc9024b3a667
-
SSDEEP
1536:p5QAEeWPJ3okPGZAZKF/O3uKSYk9Wa9oFqxbWX:pKAEeUJlGCeK6WwoFqxCX
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-