General
-
Target
3cf42fd9caf07439a99289cb4c41aebb_JaffaCakes118
-
Size
520KB
-
Sample
240712-l8cc3syfpq
-
MD5
3cf42fd9caf07439a99289cb4c41aebb
-
SHA1
8807f08c90a122e28f92e201036dfd0e58a32911
-
SHA256
cebfe27ed9d97b2dc79dac60c5422b33e2dbe8c25a2945e0a8c0893b512e32b9
-
SHA512
c45cecc4fddf9e846a304b806c2a37b4960c52721c999bb0a3c44c09dccd4ee7b3254b234e826b8eacd77fc5dec420657c83eda065bb43725c8774462c3d68de
-
SSDEEP
12288:ZHkxkmDqkRkhBTbcwXaNeQBdmHfI3C+V1B9:ZEarB3KNeQBdafIS
Behavioral task
behavioral1
Sample
3cf42fd9caf07439a99289cb4c41aebb_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3cf42fd9caf07439a99289cb4c41aebb_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
boube1900.no-ip.info
Targets
-
-
Target
3cf42fd9caf07439a99289cb4c41aebb_JaffaCakes118
-
Size
520KB
-
MD5
3cf42fd9caf07439a99289cb4c41aebb
-
SHA1
8807f08c90a122e28f92e201036dfd0e58a32911
-
SHA256
cebfe27ed9d97b2dc79dac60c5422b33e2dbe8c25a2945e0a8c0893b512e32b9
-
SHA512
c45cecc4fddf9e846a304b806c2a37b4960c52721c999bb0a3c44c09dccd4ee7b3254b234e826b8eacd77fc5dec420657c83eda065bb43725c8774462c3d68de
-
SSDEEP
12288:ZHkxkmDqkRkhBTbcwXaNeQBdmHfI3C+V1B9:ZEarB3KNeQBdafIS
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-