General
Target: 37aaa2bed43ce39c1704b987b5385ed0_JaffaCakes118
Size: 683KB
Sample: 240711-evr32sydmr
MD5: 37aaa2bed43ce39c1704b987b5385ed0
SHA1: 325af94ed4dcae2f98e6946570cdedd221ac47d2
SHA256: 8baf0943f911872735c14c358c544fa98727d3c06c4e8876f7b1c149cc28bb3c
SHA512: 0e853789f825144b02bff2bbcc04692943bb0204aa4273f4e7e2a96789b27e4b5f33bb4ee7bff3a758435d1ba839ddacd3960dadee6369020d4549f14009c3e8
SSDEEP: 12288:ZvFRrUo7YNQ3LPxez8dFlZqBhF77a+QjUZbvFjMDGKreNznhj:ZvNwQEz+8BOMX8GKq9hj
Static task: static1
Behavioral task: behavioral1
  Sample: 37aaa2bed43ce39c1704b987b5385ed0_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 37aaa2bed43ce39c1704b987b5385ed0_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
franco1.no-ip.org
Targets
Target: 37aaa2bed43ce39c1704b987b5385ed0_JaffaCakes118
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Suspicious use of SetThreadContext