General
-
Target
385cba6e76144e7fe344ca2897882087_JaffaCakes118
-
Size
268KB
-
Sample
240711-j7jdwszeqd
-
MD5
385cba6e76144e7fe344ca2897882087
-
SHA1
3c6f1fb63ad6496d16dc5dc14d4aa8271f39a446
-
SHA256
580214a3fa3408a906fff4914bd0e1eb34d33274964e54f9a1e777228451b80b
-
SHA512
647abdce0f5e37cd7d23e1b13936aa9ffa1af590562e3d0ee495f8a0a3c9f654f0ab18bb9d5d1eacd98eacddd2058cbc54adff71f24f24bd4859eb8704ee45ca
-
SSDEEP
1536:fDelhADIlxhyiXSyqOQ4KiKtWByMQrj91pFhuxGK:belCIlrXSyM4tfB61pSxG
Static task
static1
Behavioral task
behavioral1
Sample
385cba6e76144e7fe344ca2897882087_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
385cba6e76144e7fe344ca2897882087_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
385cba6e76144e7fe344ca2897882087_JaffaCakes118
-
Size
268KB
-
MD5
385cba6e76144e7fe344ca2897882087
-
SHA1
3c6f1fb63ad6496d16dc5dc14d4aa8271f39a446
-
SHA256
580214a3fa3408a906fff4914bd0e1eb34d33274964e54f9a1e777228451b80b
-
SHA512
647abdce0f5e37cd7d23e1b13936aa9ffa1af590562e3d0ee495f8a0a3c9f654f0ab18bb9d5d1eacd98eacddd2058cbc54adff71f24f24bd4859eb8704ee45ca
-
SSDEEP
1536:fDelhADIlxhyiXSyqOQ4KiKtWByMQrj91pFhuxGK:belCIlrXSyM4tfB61pSxG
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-