General
-
Target
38d465057d42acd30c455fd0d629e3da_JaffaCakes118
-
Size
172KB
-
Sample
240711-m1rcpswbng
-
MD5
38d465057d42acd30c455fd0d629e3da
-
SHA1
51020afaecbb5efa6c6fc73f0e81e6eb7de6e350
-
SHA256
00de3944ce277484c8a9d375e13ac7c129ce0a8aca25c72d53b34e305852099f
-
SHA512
347a8b5de37202978bb0f889c10958d0a7bfaea258238643a2b5f22da071e73c3265fc737e65e11c3626be8e65be3a80e0e365fb446876f376e42fb30981c876
-
SSDEEP
1536:iyguAiQ/cBJWumC7ZRtSjGN4HfrJTjV99/V3YAPk3gA9aUZ:ifiQUShCMJvh/hA3gMZ
Static task
static1
Behavioral task
behavioral1
Sample
38d465057d42acd30c455fd0d629e3da_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
38d465057d42acd30c455fd0d629e3da_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
alsfa7.no-ip.biz
Targets
Target
38d465057d42acd30c455fd0d629e3da_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-