General
-
Target
3687c9120036326541e8d0b1becf135d_JaffaCakes118
-
Size
297KB
-
Sample
240710-1pjqdasalm
-
MD5
3687c9120036326541e8d0b1becf135d
-
SHA1
eb4af057da7e05ed3ab7d83df3a2530b2ce03ba8
-
SHA256
0e2fe3ae63efd19f88e83b118c631fb4b9ba67b3ec4edbf1804f8df95202b88f
-
SHA512
f148718968170d8a04535dad45e38fa3f0a8bcf15cfe9cea7956bb5899aed4adf2b68bd65ad623b53876ad8347ff29037c7b875190482add0b9db85edcf7455f
-
SSDEEP
3072:YfP4FGzopTIjywszepfklIxMwx4QJng3vsQSLHYIZ1Ot/:YfP7GdzeVkxCttgUVR+/
Static task
static1
Behavioral task
behavioral1
Sample
3687c9120036326541e8d0b1becf135d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3687c9120036326541e8d0b1becf135d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
dooont.no-ip.biz
Targets
-
-
Target
3687c9120036326541e8d0b1becf135d_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-