General
Target: 358f37306aac6da4a03ec97ec556bb74_JaffaCakes118
Size: 47KB
Sample: 240710-vavlfa1dnh
MD5: 358f37306aac6da4a03ec97ec556bb74
SHA1: a2481081baf87f1ff76c581dea57e00e1d97a7fb
SHA256: e0ff021ad711c12637aad7d921f3bb9151f324d8b1658cc79a7e6771c85c18be
SHA512: de99ad6334eaa207ffcca0ac4f540f24940b18aad317a07851a3b42580d12477edc8c3c6bc0fc48b536bf327d998fdd6ae0100e10be0ba445f6bcacc0a11a029
SSDEEP: 768:kLdIlo/q41gSI2T+zqZ1b1niEPg0ctLRqiWgPNk/lJipYj4cEydXPbiLhX69:odH/q4+SK415RgdLBWcm/ri2kSfGL5M
Behavioral task: behavioral1
Sample: 358f37306aac6da4a03ec97ec556bb74_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 358f37306aac6da4a03ec97ec556bb74_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
mohamedmmk.zapto.org
Targets
Target: 358f37306aac6da4a03ec97ec556bb74_JaffaCakes118 (47KB; hashes as listed under General)
Score: 10/10

Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Adds Run key to start application

Suspicious use of SetThreadContext