General
-
Target
36881e88e8d556688859b439d7fb269f_JaffaCakes118
-
Size
53KB
-
Sample
240710-1pp76asalr
-
MD5
36881e88e8d556688859b439d7fb269f
-
SHA1
3fe2a4172525a828d01b8c74aa20582b4cd26ec7
-
SHA256
568585a62c02434169711c846d2fb3808c1ca9e81727a233152447500f6c2ad2
-
SHA512
2c24c9a7474909771c522db2d9e54c8fa389696ca1c22bb7dd58a1bf0179db033365b183b000ebe3c3ac095bbfe2a17c83c5fade0dd6cf84c98aee005df1d238
-
SSDEEP
768:jBGosmzSaYk/SnUftVqBON8Fhzl5LsX0IqSSO3vantS8YzXB1antS8YzXBsRS4Z+:zxCUftEBzhxPO3vYUFr/YUFr4pM
Static task
static1
Behavioral task
behavioral1
Sample
36881e88e8d556688859b439d7fb269f_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
36881e88e8d556688859b439d7fb269f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
36881e88e8d556688859b439d7fb269f_JaffaCakes118
-
Size
53KB
-
MD5
36881e88e8d556688859b439d7fb269f
-
SHA1
3fe2a4172525a828d01b8c74aa20582b4cd26ec7
-
SHA256
568585a62c02434169711c846d2fb3808c1ca9e81727a233152447500f6c2ad2
-
SHA512
2c24c9a7474909771c522db2d9e54c8fa389696ca1c22bb7dd58a1bf0179db033365b183b000ebe3c3ac095bbfe2a17c83c5fade0dd6cf84c98aee005df1d238
-
SSDEEP
768:jBGosmzSaYk/SnUftVqBON8Fhzl5LsX0IqSSO3vantS8YzXB1antS8YzXBsRS4Z+:zxCUftEBzhxPO3vYUFr/YUFr4pM
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-