General
Target: 3f21ad057dcaa0e86ca9df120e92c8d3_JaffaCakes118
Size: 113KB
Sample: 240712-2fp2gatarp
MD5: 3f21ad057dcaa0e86ca9df120e92c8d3
SHA1: 5acb0c33c3b69edf81844c444afa8e85e16c8f5e
SHA256: 2f674372fa1b3bd2b3c7c8499dd01e1de45e0bbdef7d06912035c9b7b8450a41
SHA512: 11c79c421c610899c29489386d7ac6aa6a76e8b96d1e9bed11f9e98d4f5b31474f063ee61eaa491d2173abb6ae798016834a93bd6953dfbf4ded968a9988f44e
SSDEEP: 1536:6C5p7b0RGwWtTYGUFwMeAur6vcOAFpRJNF+75DUSvHgMpvP5D9xOPcJS7:6Ido8tEMF+ErFnJkUmAMVRccJS7
Static task: static1
Behavioral task: behavioral1
  Sample: 3f21ad057dcaa0e86ca9df120e92c8d3_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3f21ad057dcaa0e86ca9df120e92c8d3_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
x0n1rlz.no-ip.biz
Targets
Target: 3f21ad057dcaa0e86ca9df120e92c8d3_JaffaCakes118 (same size and hashes as listed under General)
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext