General
-
Target
3f0225c39039d21c1f4efd6eee963526_JaffaCakes118
-
Size
612KB
-
Sample
240712-1n3f4atfld
-
MD5
3f0225c39039d21c1f4efd6eee963526
-
SHA1
e6c59dea1fc25ab6a1f733506e2b48fe63681d5c
-
SHA256
c94ccecfbb481ce44bda6c804bdf8d891387c60fccbd9c560bafb3788488cf29
-
SHA512
ead1ae37b279fff164b04024ed55751747ebac88e502a764d518236582dcd945c88156026bb5048aa876c7b565cb65da84721fc9d685ce4e8704b7ae23ba3a31
-
SSDEEP
12288:aaoqwuhLcuEQhxkkGsLX4UkaUp77xCgp1spuQuQxOMTMUoAj65+1j:aaojuhLcuESLjk7PxT3ZXYMtAzj
Static task
static1
Behavioral task
behavioral1
Sample
3f0225c39039d21c1f4efd6eee963526_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
xtremerat
xstreme.no-ip.org
Targets
-
-
Target
3f0225c39039d21c1f4efd6eee963526_JaffaCakes118
-
Size
612KB
-
MD5
3f0225c39039d21c1f4efd6eee963526
-
SHA1
e6c59dea1fc25ab6a1f733506e2b48fe63681d5c
-
SHA256
c94ccecfbb481ce44bda6c804bdf8d891387c60fccbd9c560bafb3788488cf29
-
SHA512
ead1ae37b279fff164b04024ed55751747ebac88e502a764d518236582dcd945c88156026bb5048aa876c7b565cb65da84721fc9d685ce4e8704b7ae23ba3a31
-
SSDEEP
12288:aaoqwuhLcuEQhxkkGsLX4UkaUp77xCgp1spuQuQxOMTMUoAj65+1j:aaojuhLcuESLjk7PxT3ZXYMtAzj
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of SetThreadContext
-