General
-
Target
fd66dec34900329aae987e3f955e8935_JaffaCakes118
-
Size
50KB
-
Sample
240420-xhn5qsff91
-
MD5
fd66dec34900329aae987e3f955e8935
-
SHA1
71a837458644e43a44241188dfe8253d37acea57
-
SHA256
7aea79d102ae1ce0af4e32533d71eb3692cf22eeb97812e2604abde49a4662b0
-
SHA512
c321fc4a48273de06aef11aa58b3ffe079c61e16037229ffc0bf592a8a309262b0a3ab0239583903ea41b05b4e495a22b4b219b32e1c3df4e8b6e6df0c38b139
-
SSDEEP
1536:AxFRLVwAC4OjwUBHleAQRjB9efFp1/N9fi:A3pgXbd0jvIfF9i
Static task
static1
Behavioral task
behavioral1
Sample
fd66dec34900329aae987e3f955e8935_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fd66dec34900329aae987e3f955e8935_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xtremerat
aline.zapto.org
Targets
-
-
Target
fd66dec34900329aae987e3f955e8935_JaffaCakes118
-
Size
50KB
-
MD5
fd66dec34900329aae987e3f955e8935
-
SHA1
71a837458644e43a44241188dfe8253d37acea57
-
SHA256
7aea79d102ae1ce0af4e32533d71eb3692cf22eeb97812e2604abde49a4662b0
-
SHA512
c321fc4a48273de06aef11aa58b3ffe079c61e16037229ffc0bf592a8a309262b0a3ab0239583903ea41b05b4e495a22b4b219b32e1c3df4e8b6e6df0c38b139
-
SSDEEP
1536:AxFRLVwAC4OjwUBHleAQRjB9efFp1/N9fi:A3pgXbd0jvIfF9i
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-