General
Target: fe1a4c3879694c969a4967b32c175d83_JaffaCakes118
Size: 892 KB
Sample: 240421-bskdmsfd43
MD5: fe1a4c3879694c969a4967b32c175d83
SHA1: 0b5bb4d1b9f312a759d045a22e1506a6be1a8a84
SHA256: 6c56dcbf1fbed0067ae5fdc90e2ca1399c535948c66f0cdcf26391a1fa1b8d5c
SHA512: aef3712ed7f15e344d99242375d38f6fda15d39e2efc68b5e3c0d4b4ec9d5a16b0e43c8302c76d57f8f47ac1a63102e50f8fe9f3dfba48bed3afbb3b21aeba6b
SSDEEP: 3072:F14N2LlvNVZ98BPQd7xaYzO1v9em06TivuX:F1UslvHP8BPHt9d
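Before relying on this verdict for a file you are holding, confirm that it is the analysed sample and not a repacked sibling. The following Python is an added example, not sandbox output or code from the report: it streams a file through the four hash functions listed above in a single pass and reports which of the published digests match. The digest values are copied from the report; the default file name `sample.exe` used on the command line is an assumption. The SSDEEP value is not recomputed because that needs the third-party ssdeep bindings. One mismatching digest is enough to say it is a different file; a repacked copy of the same RAT will share none of these digests, so a mismatch rules out identity, not the family.

```python
import hashlib
import sys

# Digests published in the report above for the 892 KB sample.
REPORT_HASHES = {
    "md5": "fe1a4c3879694c969a4967b32c175d83",
    "sha1": "0b5bb4d1b9f312a759d045a22e1506a6be1a8a84",
    "sha256": "6c56dcbf1fbed0067ae5fdc90e2ca1399c535948c66f0cdcf26391a1fa1b8d5c",
    "sha512": ("aef3712ed7f15e344d99242375d38f6fda15d39e2efc68b5e3c0d4b4ec9d5a16"
               "b0e43c8302c76d57f8f47ac1a63102e50f8fe9f3dfba48bed3afbb3b21aeba6b"),
}
ALGORITHMS = tuple(REPORT_HASHES)


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, computed in one streaming pass so a large
    sample is read once rather than once per algorithm."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm verdict. Comparison is case- and whitespace-insensitive
    because published hashes are often pasted in upper case or with stray
    spaces. An expected algorithm that was not computed counts as a
    mismatch, never as a pass."""
    return {alg: observed.get(alg) == value.strip().lower()
            for alg, value in expected.items()}


def is_same_sample(observed: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only when every published digest matches."""
    return all(compare(observed, expected).values())


if __name__ == "__main__":
    # Assumed invocation: python verify_sample.py sample.exe
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.exe"
    observed = digest_file(path)
    for alg, ok in compare(observed).items():
        print(f"{alg:6} {'MATCH   ' if ok else 'MISMATCH'} {observed[alg]}")
    print("same sample" if is_same_sample(observed) else "different file")
```

Pass a dictionary with only the algorithms you actually have (for example just `sha256` from a threat feed) as `expected`; any algorithm you list but did not compute is reported as a mismatch rather than silently skipped.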
Static task: static1
Behavioral task: behavioral1
  Sample: fe1a4c3879694c969a4967b32c175d83_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fe1a4c3879694c969a4967b32c175d83_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: xtremerat
C2: noodse.zapto.org
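The extracted host is the only network indicator on this page, so the natural hunt is over DNS query logs. The script below is an added example (not part of the report) that scans DNS query lines for the exact host and any label beneath it, and, as a separate lower-confidence verdict, for any other name under zapto.org, the dynamic-DNS zone the host was registered in. The log format (`<timestamp> <client> <qtype> <qname>`) and the log lines are constructed for this example and the regex will need adjusting for a real Zeek, Windows DNS or resolver log. Matching is label-aligned and tolerant of case and trailing dots, so `zapto.org.evil.example` is not a hit while `NOODSE.ZAPTO.ORG.` is. Treat `dyndns` hits as a pivot to review, not as an alert on their own: the zone is shared by many legitimate users.

```python
import re
from typing import Optional

# Network IOC extracted from the sample's configuration (from the report above).
C2_HOST = "noodse.zapto.org"
# Parent dynamic-DNS zone of the C2 host. A hit here is a weak signal only.
DYNDNS_ZONE = "zapto.org"

# Constructed sample log (not from the report): "<ts> <client> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2024-04-21T10:00:01Z 10.0.0.15 A www.microsoft.com
2024-04-21T10:00:07Z 10.0.0.23 A noodse.zapto.org.
2024-04-21T10:00:09Z 10.0.0.23 A NOODSE.ZAPTO.ORG
2024-04-21T10:00:31Z 10.0.0.42 A homecam.zapto.org
2024-04-21T10:01:02Z 10.0.0.15 AAAA update.zapto.org.evil.example
2024-04-21T10:01:45Z 10.0.0.23 A time.windows.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'HOST.' and 'host' compare equal."""
    return qname.strip().lower().rstrip(".")


def classify(qname: str) -> Optional[str]:
    """'c2' for the configured host or any label beneath it, 'dyndns' for any
    other name under the parent zone, None otherwise. Suffix checks include
    the leading dot so matches are aligned on label boundaries."""
    name = normalize(qname)
    if name == C2_HOST or name.endswith("." + C2_HOST):
        return "c2"
    if name == DYNDNS_ZONE or name.endswith("." + DYNDNS_ZONE):
        return "dyndns"
    return None


def scan(log_text: str) -> list:
    """Return (timestamp, client, normalized qname, verdict) for every line
    that hits an indicator; malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m["qname"])
        if verdict:
            hits.append((m["ts"], m["client"], normalize(m["qname"]), verdict))
    return hits


if __name__ == "__main__":
    for ts, client, qname, verdict in scan(SAMPLE_DNS_LOG):
        print(f"{verdict:6} {ts} {client} {qname}")
```

Because the RAT's configuration names a dynamic-DNS host rather than a fixed address, the resolved IP can change between sandbox run and your investigation; hunt on the name, and use a `c2` hit's client address as the pivot to the infected machine.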
Targets
Target: fe1a4c3879694c969a4967b32c175d83_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Suspicious use of SetThreadContext: SetThreadContext is how RunPE-style process hollowing redirects a suspended target thread to an injected payload, which is why sandboxes flag its use. The signature records the API call only; it does not by itself identify which process was written to.