General
-
Target
7173ff3ed650215eb618bfc9c6d9bd30_JaffaCakes118
-
Size
42KB
-
Sample
240525-kvpktacd86
-
MD5
7173ff3ed650215eb618bfc9c6d9bd30
-
SHA1
f0d4d92ed8160271bb08b06e1b9eac1165590bcf
-
SHA256
0f00f553887f728bb3bc81c1ac30c1f44b0a073ab770cdb9c6f6ab4c7b5c8bbc
-
SHA512
a3d1c2b7e140634c46bb90f9929106b0d4aeefdac1e49d012919ae888d92c495fe5aad87500bb98a2d7ea3e5a74841fbe6239275f94b3a597648417de11476aa
-
SSDEEP
384:u3S1M6XizUkyeMdN/oNIjzqQ0YOPHXBJPcJqfeRBRXLJJtqsr4eGWG9ELJcSVjEd:u4egZtpjuTZsy8RXLbUKFqjC9Pjzon
Malware Config
Targets
-
-
Target
7173ff3ed650215eb618bfc9c6d9bd30_JaffaCakes118
-
Size
42KB
-
MD5
7173ff3ed650215eb618bfc9c6d9bd30
-
SHA1
f0d4d92ed8160271bb08b06e1b9eac1165590bcf
-
SHA256
0f00f553887f728bb3bc81c1ac30c1f44b0a073ab770cdb9c6f6ab4c7b5c8bbc
-
SHA512
a3d1c2b7e140634c46bb90f9929106b0d4aeefdac1e49d012919ae888d92c495fe5aad87500bb98a2d7ea3e5a74841fbe6239275f94b3a597648417de11476aa
-
SSDEEP
384:u3S1M6XizUkyeMdN/oNIjzqQ0YOPHXBJPcJqfeRBRXLJJtqsr4eGWG9ELJcSVjEd:u4egZtpjuTZsy8RXLbUKFqjC9Pjzon
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-