General
-
Target
361ee2038d4a0452de8f913cc47e6642_JaffaCakes118
-
Size
359KB
-
Sample
240710-yffw1swgkl
-
MD5
361ee2038d4a0452de8f913cc47e6642
-
SHA1
f3a9891718f37d472974ad0f3834eb2ddb941b51
-
SHA256
3835b7d4d3e4abbab8dcff12ae2757ad3020a88fc993635cbd018147eb93d124
-
SHA512
8c2c5dce9807fd22147e28cfba930bce48cafbd48d11191cc8e8fa6a7761c123fa7c5c9f0a56abdeea6cb2cdb6df12193486d9974875cde9e7b393c0b661fb0a
-
SSDEEP
6144:wYZeBtn2TvC00M/sGOrU9YBZlDZnEdnCMnJe1XYfLtxB9XIFfTTzud5YHnAOa2C+:FeBJ2QZzrRBZldE7JMXM9YNidYnABrZo
Static task
static1
Behavioral task
behavioral1
Sample
361ee2038d4a0452de8f913cc47e6642_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
361ee2038d4a0452de8f913cc47e6642_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
belghazli.sytes.net
Targets
-
-
Target
361ee2038d4a0452de8f913cc47e6642_JaffaCakes118
-
Size
359KB
-
MD5
361ee2038d4a0452de8f913cc47e6642
-
SHA1
f3a9891718f37d472974ad0f3834eb2ddb941b51
-
SHA256
3835b7d4d3e4abbab8dcff12ae2757ad3020a88fc993635cbd018147eb93d124
-
SHA512
8c2c5dce9807fd22147e28cfba930bce48cafbd48d11191cc8e8fa6a7761c123fa7c5c9f0a56abdeea6cb2cdb6df12193486d9974875cde9e7b393c0b661fb0a
-
SSDEEP
6144:wYZeBtn2TvC00M/sGOrU9YBZlDZnEdnCMnJe1XYfLtxB9XIFfTTzud5YHnAOa2C+:FeBJ2QZzrRBZldE7JMXM9YNidYnABrZo
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Molebox Virtualization software
Detects file using Molebox Virtualization software.
-
Adds Run key to start application
-