General
-
Target
fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118
-
Size
218KB
-
Sample
240420-gea6pshh77
-
MD5
fc0ca5da65627a7d59a44bfb8dbdc29e
-
SHA1
43ed78c1cbd951697068b6430b3eb0461cacece5
-
SHA256
03dc1456445a8bd1cf24ed1d4531982484ffa763f9227c94365de95bf51d79c5
-
SHA512
7ba5388f6121fe7be374c8b9e443d4d5d8fcbb9ae23ca7a5b07a903bf6a59679ce326431096728afb92d952dbf3690637ac59b096c8adfa4f3a67d4c3de0447c
-
SSDEEP
3072:EMsPZyn4bP26TbSnpKruoByI6N5bH2VBsXbfPSqVo+OYZMd1TToKPx0Xcy7lOs9J:5kPfunpOPyIgWTsXbfKqGRkKPO7fxvB
Static task
static1
Behavioral task
behavioral1
Sample
fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
xtremerat
zapata36.zapto.org
Targets
-
-
Target
fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118
-
Size
218KB
-
MD5
fc0ca5da65627a7d59a44bfb8dbdc29e
-
SHA1
43ed78c1cbd951697068b6430b3eb0461cacece5
-
SHA256
03dc1456445a8bd1cf24ed1d4531982484ffa763f9227c94365de95bf51d79c5
-
SHA512
7ba5388f6121fe7be374c8b9e443d4d5d8fcbb9ae23ca7a5b07a903bf6a59679ce326431096728afb92d952dbf3690637ac59b096c8adfa4f3a67d4c3de0447c
-
SSDEEP
3072:EMsPZyn4bP26TbSnpKruoByI6N5bH2VBsXbfPSqVo+OYZMd1TToKPx0Xcy7lOs9J:5kPfunpOPyIgWTsXbfKqGRkKPO7fxvB
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-