General
-
Target
34966b15f464c322c1156e6efd6b9d66_JaffaCakes118
-
Size
165KB
-
Sample
240710-nx8y1sxhmh
-
MD5
34966b15f464c322c1156e6efd6b9d66
-
SHA1
13dc4f708ed488abd3e896d4ec46bc1adea4b7c2
-
SHA256
9fc2d0c7f305beb456e052e3917e9eafb80f241161c5d4d8c3a3ae0d0fd236b0
-
SHA512
38ec58bc801d3b6b55a23146d0ac60e59e507f8f85e0b228ca5812455df8eebfee0034d8929a473528f2d38c01d3b2aabbec02cc280990f4882bf87139dc2072
-
SSDEEP
3072:DyRUZ7vAsnPKlXlSnr7V/rj+VLOG/+HoSIW2YygMy/Yjx:GqZ7oVXlSnpj+VLOG/0IW2WAN
Behavioral task
behavioral1
Sample
34966b15f464c322c1156e6efd6b9d66_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
34966b15f464c322c1156e6efd6b9d66_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
x4u.no-ip.info
x4u.no-ip.info
xhell.no-ip.org
Targets
-
-
Target
34966b15f464c322c1156e6efd6b9d66_JaffaCakes118
-
Size
165KB
-
MD5
34966b15f464c322c1156e6efd6b9d66
-
SHA1
13dc4f708ed488abd3e896d4ec46bc1adea4b7c2
-
SHA256
9fc2d0c7f305beb456e052e3917e9eafb80f241161c5d4d8c3a3ae0d0fd236b0
-
SHA512
38ec58bc801d3b6b55a23146d0ac60e59e507f8f85e0b228ca5812455df8eebfee0034d8929a473528f2d38c01d3b2aabbec02cc280990f4882bf87139dc2072
-
SSDEEP
3072:DyRUZ7vAsnPKlXlSnr7V/rj+VLOG/+HoSIW2YygMy/Yjx:GqZ7oVXlSnpj+VLOG/0IW2WAN
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-