General
Target: 34e9e7f182e24d5d498585f742749121_JaffaCakes118
Size: 428KB
Sample: 240710-qq5dcssgke
MD5: 34e9e7f182e24d5d498585f742749121
SHA1: 1d35554a4c5c10fc1b13fbd1891e8f171ed66176
SHA256: d7097c3406e386825e38053755df92e624faa0903665ffc1d61d2a7d450f8707
SHA512: 5afa1b682a0f66f36536963244b6f30c4dce3c8bc0c363997e33283c1be3b605287a656954c5174454178c6b045c6d3f4f87e6e3c6150c76a9ef24d0e75cecb0
SSDEEP: 12288:SfK7ha1V4vpqRMvd4YKB7V5mect1EOmFlLYTfXOYwPfDv7Upy+77UXw8gdUYHoKZ:SfK7ha1V4vpquvd4YKB7V5mec/EjYTfV
Behavioral task: behavioral1
Sample: 34e9e7f182e24d5d498585f742749121_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 34e9e7f182e24d5d498585f742749121_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
rabah1627.zapto.org
Targets
Target: 34e9e7f182e24d5d498585f742749121_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext