General
-
Target
3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118
-
Size
156KB
-
Sample
240712-ncrt1a1cpj
-
MD5
3d25e80b64d1dd0c061c0be6925e07b0
-
SHA1
5a4da987c2e84fb56157a2ba98e1ae3f5773e2e3
-
SHA256
59f28cb7d5408ae079bd1512d502d284ff715e50d7c47f5397ca7b166e29c13b
-
SHA512
019f8c86aad646ed00d55b43a78cbbdb2c751fd1489c02fb5485337552180f24db5785d63ef0a51a25b4f06f93c50bfba4da846c53e9f4a5cfe1d4d2688808bf
-
SSDEEP
3072:bSX+3bsc5WngyfPdLZhFSgWf1DwRJi+SVmsdXKwW7oZoRD68wbwxG:4+rsc5YXLhcg2a8rmsd6we7D68ww
Static task
static1
Behavioral task
behavioral1
Sample
3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
3d25e80b64d1dd0c061c0be6925e07b0_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-