General
Target: 3f11cf1e491dc52be5556b31579ceb00_JaffaCakes118
Size: 2.1MB
Sample: 240712-13ch8asdpl
MD5: 3f11cf1e491dc52be5556b31579ceb00
SHA1: b5084355c8c8b6c779899cfe0afc14b896d2b25e
SHA256: 63c412244f4c111d9d5978e01ce115db6589083cc7b1d2c7fd7f758a8dcbedf7
SHA512: 60c35f0c8452e8573b1cd3ba10b9fc031b056e01776cb1965e5100e901ba2b3a25025351f67833a999871eaa9396d1f88edd7485246bca5804a4251c42df222d
SSDEEP: 49152:q3ggUjPztBlvxB2QgUjPztBlvxBZQgUjPztBlvxBZ:q3ejPJBvB2OjPJBvBZOjPJBvBZ
Static task: static1
Behavioral task: behavioral1
  Sample: 3f11cf1e491dc52be5556b31579ceb00_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3f11cf1e491dc52be5556b31579ceb00_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted (xtremerat): cescmouad.zapto.org
Targets
Target: 3f11cf1e491dc52be5556b31579ceb00_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext