General
Target: 34fa842e49692160f036b18f9497f424_JaffaCakes118
Size: 228KB
Sample: 240710-q4kwwateme
MD5: 34fa842e49692160f036b18f9497f424
SHA1: 52c130bd2857fd4db5de2371f807737ee47c5fe3
SHA256: 61e1e4921482fdf0970195338a2dc9cb30c102f53ecf9046cc456f1eeba90ccc
SHA512: b734a7ab1b6dc4654f8f769c8ae9671bf8b906b24653e4ec125df2d06452f6010bbf4565af3e3dab4eb28af0fe91ca340e6220708c8cfc04dcfdd15c81a05ff9
SSDEEP: 768:vlku4x/+PgV/5vj5ky5HrGXCTbgiQut7f1F01LR5mpcydzyGJvMfoluRjly97KIS:whbyEkRjAtQw+WdzSvueUSnZQAPW2
Static task: static1
Behavioral task: behavioral1
Sample: 34fa842e49692160f036b18f9497f424_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 34fa842e49692160f036b18f9497f424_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
almm.no-ip.biz
Targets
Target: 34fa842e49692160f036b18f9497f424_JaffaCakes118
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext