General
-
Target
37d31edcc158a99c21501401c48c3aca_JaffaCakes118
-
Size
96KB
-
Sample
240711-fvvdva1apk
-
MD5
37d31edcc158a99c21501401c48c3aca
-
SHA1
c57261dafbd923838f714967c622e1be2448d7da
-
SHA256
1507ee7a997e7b28e9a830d4e0b68d29394135639e5ce1246e8b906d43d0951a
-
SHA512
4a3f7683a438a5f024a5153915e359f9bc9fb5dbc75b8de91f0e8d28c7f1d14fd10a5ffbbb2dc53c9bda05f13d94c72006bff8861d1edc2f79f8ebeaee6c2be9
-
SSDEEP
768:4V/4IVzt2p59SweTxdfyQEkTYCtgBlMWveBBo4AWd+jpkUUkBBw64D+gFX+v+x:+h3FTDtpp9AWdYpEkBP4BF/x
Static task
static1
Behavioral task
behavioral1
Sample
37d31edcc158a99c21501401c48c3aca_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
37d31edcc158a99c21501401c48c3aca_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
37d31edcc158a99c21501401c48c3aca_JaffaCakes118
-
Size
96KB
-
MD5
37d31edcc158a99c21501401c48c3aca
-
SHA1
c57261dafbd923838f714967c622e1be2448d7da
-
SHA256
1507ee7a997e7b28e9a830d4e0b68d29394135639e5ce1246e8b906d43d0951a
-
SHA512
4a3f7683a438a5f024a5153915e359f9bc9fb5dbc75b8de91f0e8d28c7f1d14fd10a5ffbbb2dc53c9bda05f13d94c72006bff8861d1edc2f79f8ebeaee6c2be9
-
SSDEEP
768:4V/4IVzt2p59SweTxdfyQEkTYCtgBlMWveBBo4AWd+jpkUUkBBw64D+gFX+v+x:+h3FTDtpp9AWdYpEkBP4BF/x
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-