xtremerat | c76fb0b47d1c61850ddb5b34d3c26a4ba67cd6ec46fa3891d508005096ae7616

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 19:09

Target

001b58afd4b0657b4a4594cef54b4547_JaffaCakes118.exe
Size

44KB
MD5

001b58afd4b0657b4a4594cef54b4547
SHA1

a51c8ce7949a6e13099c6ca707b03718ad88257e
SHA256

c76fb0b47d1c61850ddb5b34d3c26a4ba67cd6ec46fa3891d508005096ae7616
SHA512

2bbc3ddf9da64cf3f1517c72c1b15c4ec628f4fa4ce3238774e8dcd20220c073b45c9dc846487c62bb01d2103d9fb085a403558cffa8dae9fe4bb2b502154a94
SSDEEP

768:rBr+ujFqTPbAlfzh5lr6an3sETA8lvm2mfOTwYPIkzoiQ:FykUAlrjlr6an9TLlvm2ouQkoiQ

Score

10^/10

Detect XtremeRAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1320-0-0x0000000000C80000-0x0000000000C93000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

C:\Users\Admin\AppData\Local\Temp\001b58afd4b0657b4a4594cef54b4547_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\001b58afd4b0657b4a4594cef54b4547_JaffaCakes118.exe"
1⤵
PID:1320

memory/1320-0-0x0000000000C80000-0x0000000000C93000-memory.dmp

Filesize
76KB

Download