General
-
Target
fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118
-
Size
33KB
-
Sample
240420-ahhavsca7s
-
MD5
fb7b3668db7296ff35e0b20bbd210ea6
-
SHA1
25cf3c76a2bcd1907dee6da48facbdd28ccf2149
-
SHA256
4e833a9595653d4c0a799e912f3d1310f24415f964a4e81302dcca75027aa0b8
-
SHA512
d302c8d1bd9ab31f0df79be29e54eaf8eba153410773ece98127222484db479a599bb726a86836766372d7106d8a7db9a85fccbe1ac5869ebd6596139794fe6f
-
SSDEEP
768:2MuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lRtz76O8Lh:jNW71rcYDAWeotvXlXiO
Behavioral task
behavioral1
Sample
fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
pho3nix.no-ip.biz
Targets
-
-
Target
fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118
-
Size
33KB
-
MD5
fb7b3668db7296ff35e0b20bbd210ea6
-
SHA1
25cf3c76a2bcd1907dee6da48facbdd28ccf2149
-
SHA256
4e833a9595653d4c0a799e912f3d1310f24415f964a4e81302dcca75027aa0b8
-
SHA512
d302c8d1bd9ab31f0df79be29e54eaf8eba153410773ece98127222484db479a599bb726a86836766372d7106d8a7db9a85fccbe1ac5869ebd6596139794fe6f
-
SSDEEP
768:2MuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lRtz76O8Lh:jNW71rcYDAWeotvXlXiO
Score 10/10
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been in circulation since at least 2010.
-
Modifies Installed Components in the registry
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
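The behaviour list above reads as a set of detection rules: a persistence entry under the Run key, an Active Setup "Installed Components" StubPath, a file written into System32, a self-delete of the original executable, and a DNS lookup for the extracted C2 host pho3nix.no-ip.biz. The following Python is an added example, not code from the report or from the sandbox that produced it; it turns those observations into checks run over a small set of constructed sandbox-style event lines (the tab-separated "pid / event / detail" format is our own assumption, as are the dropped file name and the GUID) and also matches computed digests against the sample hashes listed in the report. The registry paths assumed for "Run key" and "Installed Components" are the standard Windows locations for those two mechanisms.

```python
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "fb7b3668db7296ff35e0b20bbd210ea6",
    "sha1": "25cf3c76a2bcd1907dee6da48facbdd28ccf2149",
    "sha256": "4e833a9595653d4c0a799e912f3d1310f24415f964a4e81302dcca75027aa0b8",
}
C2_DOMAINS = {"pho3nix.no-ip.biz"}

# Registry locations assumed for the report's "Adds Run key" and
# "Modifies Installed Components" lines (the latter is the Active Setup key).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
INSTALLED_COMPONENTS_RE = re.compile(
    r"\\Active Setup\\Installed Components\\\{[0-9A-F-]+\}\\StubPath", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\[^\\]+$", re.I)

# Constructed sandbox-style events, not taken from the report. Format is our
# own assumption: "<pid>\t<event>\t<detail>". pid 900 is benign background noise.
SAMPLE_EVENTS = [
    "1204\tProcessStart\tC:\\Users\\user\\Desktop\\fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118.exe",
    "900\tFileWrite\tC:\\Users\\user\\Documents\\notes.txt",
    "1204\tFileWrite\tC:\\Windows\\System32\\dropped.exe",
    "1204\tRegSetValue\tHKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A1B2C3D4-0000-0000-0000-000000000001}\\StubPath = C:\\Windows\\System32\\dropped.exe",
    "1204\tRegSetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\HKCU = C:\\Windows\\System32\\dropped.exe",
    "900\tRegSetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden = 1",
    "1204\tDnsQuery\tpho3nix.no-ip.biz",
    "1204\tProcessCreate\tcmd.exe /c del \"C:\\Users\\user\\Desktop\\fb7b3668db7296ff35e0b20bbd210ea6_JaffaCakes118.exe\"",
]


def analyze(events):
    """Map each behaviour named in the report to the event lines that triggered it."""
    image_paths = {}   # pid -> image path, learned from ProcessStart events
    findings = {}

    def hit(rule, line):
        findings.setdefault(rule, []).append(line)

    for line in events:
        pid, event, detail = line.split("\t", 2)
        if event == "ProcessStart":
            image_paths[pid] = detail
        elif event == "RegSetValue":
            if RUN_KEY_RE.search(detail):
                hit("adds_run_key", line)
            if INSTALLED_COMPONENTS_RE.search(detail):
                hit("modifies_installed_components", line)
        elif event == "FileWrite" and SYSTEM32_RE.match(detail):
            hit("drops_file_in_system32", line)
        elif event == "DnsQuery" and detail.lower().rstrip(".") in C2_DOMAINS:
            hit("c2_dns_lookup", line)
        elif event in ("FileDelete", "ProcessCreate"):
            # "Deletes itself": the process removes its own image, directly or via cmd.exe del.
            own = image_paths.get(pid)
            if own and own.lower() in detail.lower():
                hit("deletes_itself", line)
    return findings


def hash_bytes(data):
    """Digest a buffer with every algorithm the report lists hashes for."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def match_hash_iocs(digests):
    """Return the algorithms whose digest equals the report's sample hashes."""
    return sorted(a for a, h in digests.items() if IOC_HASHES.get(a) == h.lower())


if __name__ == "__main__":
    for rule, lines in analyze(SAMPLE_EVENTS).items():
        print(rule)
        for entry in lines:
            print("   ", entry)
    print("hash IOC match on a random buffer:", match_hash_iocs(hash_bytes(b"not the sample")))
```

Each rule fires only for pid 1204 on the constructed input; the benign pid 900 writes and registry changes are ignored, and the self-delete check is keyed on the process's own image path rather than on any `del` command, which keeps ordinary installer clean-up from tripping it.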