General
-
Target
3f3cd2798a290e727c55e0672e6813d7_JaffaCakes118
-
Size
123KB
-
Sample
240712-24gd8svcjm
-
MD5
3f3cd2798a290e727c55e0672e6813d7
-
SHA1
b09d3a12b31d2ed05b8aaba761c717a12e7d52cc
-
SHA256
7805b92020af25bcf453307b01f0344d2a5ccfbb50324e6595cef4d67f5b85b4
-
SHA512
2f1a75af398135b2cacaf4d04ae563e892ed5e31b318ae568fe0f2da2c22b7f3513fdb31899e7f47fad672cb249bea110d2cb052fdfa2c4125640a3653b059ee
-
SSDEEP
3072:rzaQgx1STGfaL1XjyIlRBhbQG/l5DYKLckZzIcZob:rzaQg3l4Xv9/Xn7o
Behavioral task
behavioral1
Sample
3f3cd2798a290e727c55e0672e6813d7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3f3cd2798a290e727c55e0672e6813d7_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
3f3cd2798a290e727c55e0672e6813d7_JaffaCakes118
-
Size
123KB
-
MD5
3f3cd2798a290e727c55e0672e6813d7
-
SHA1
b09d3a12b31d2ed05b8aaba761c717a12e7d52cc
-
SHA256
7805b92020af25bcf453307b01f0344d2a5ccfbb50324e6595cef4d67f5b85b4
-
SHA512
2f1a75af398135b2cacaf4d04ae563e892ed5e31b318ae568fe0f2da2c22b7f3513fdb31899e7f47fad672cb249bea110d2cb052fdfa2c4125640a3653b059ee
-
SSDEEP
3072:rzaQgx1STGfaL1XjyIlRBhbQG/l5DYKLckZzIcZob:rzaQg3l4Xv9/Xn7o
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-