General
-
Target
349faf873bf744843321372d136909ab_JaffaCakes118
-
Size
243KB
-
Sample
240710-n5kldsycra
-
MD5
349faf873bf744843321372d136909ab
-
SHA1
d3bd232c7caa67ef75ee1a748be2538dcf369141
-
SHA256
5c4946add18f556173a1d39ab8ff9715b87683d076f2c080ea48caf8c380b629
-
SHA512
7c7cdd4bb4bdadaf8b5c451be152410b1102d9b0556dce6f4b8ba1c6a2f298230ef322378a106c7da1215345972d0917f8611ec4d9ec33460da1c872966e42fc
-
SSDEEP
3072:XFd2Afoka0uMMGYmKlMCJ+UrxkCkK9a7+Z3wCYdj8vK1HDvhk1eSkDyfCnewUmG7:1jQwuYKs7M3jvEu1nkaCneT3NmEQm
Static task
static1
Behavioral task
behavioral1
Sample
349faf873bf744843321372d136909ab_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
349faf873bf744843321372d136909ab_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
umtakcicek.dyndns.org
Targets
-
-
Target
349faf873bf744843321372d136909ab_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext