General
-
Target
372e83d00c19fa37164a018f84252e52_JaffaCakes118
-
Size
89KB
-
Sample
240711-brs96a1brq
-
MD5
372e83d00c19fa37164a018f84252e52
-
SHA1
1487cbd13208c85fe71f0dbc13a20e0bfc0016ff
-
SHA256
d636adc0e3691926f3a65a2756f3836485416db0e783a02c753bac7f442ba473
-
SHA512
b5e3b3bc69774c77de8c1381bf31d04122075961288617a5c28e5ca52b661032498ea392ecf52d4e9c9fd66c3aa7151bc0bd00f5535f760393deebd7b4677821
-
SSDEEP
1536:RrEUEVDF4VR5YJBCL3ce5ncyzG23UbuasNPp4brEJi0oZODVh4Px71y8xmwciuX1:RrEvb4VROJBCL3ce5ncyzG23UbuasNPn
Static task
static1
Behavioral task
behavioral1
Sample
372e83d00c19fa37164a018f84252e52_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
372e83d00c19fa37164a018f84252e52_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
xtremerat
black100.no-ip.biz
cantstop.no-ip.biz
Targets
-
-
Target
372e83d00c19fa37164a018f84252e52_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-