General
-
Target
3d3bb544355fab6e8febe0db30004995_JaffaCakes118
-
Size
89KB
-
Sample
240712-nt4vwstgqa
-
MD5
3d3bb544355fab6e8febe0db30004995
-
SHA1
4777a91e63606e04e2ff583f70d72d967fd14721
-
SHA256
71f5810eb5a53cd17fb21e06ea022a42ecc2dd5f243570ef819c160cebd48cfa
-
SHA512
387aadfd7c9025aa77879396ba18525a16dcce98ef8be9ff1f926e5f29f61a0779ee60fffdabcfb624fc7961c25551ef416382a7dc9cc5b98c1c1e38564196a8
-
SSDEEP
1536:RagPchKOGOx4SDj2Ze5B7+OVaYPo+TFLlw/PlY3ZyGM:QgPchKOGzSXDR+OdPPQn+a
Static task
static1
Behavioral task
behavioral1
Sample
3d3bb544355fab6e8febe0db30004995_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3d3bb544355fab6e8febe0db30004995_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
xstreme.no-ip.org
Targets
-
-
Target
3d3bb544355fab6e8febe0db30004995_JaffaCakes118
-
Size
89KB
-
MD5
3d3bb544355fab6e8febe0db30004995
-
SHA1
4777a91e63606e04e2ff583f70d72d967fd14721
-
SHA256
71f5810eb5a53cd17fb21e06ea022a42ecc2dd5f243570ef819c160cebd48cfa
-
SHA512
387aadfd7c9025aa77879396ba18525a16dcce98ef8be9ff1f926e5f29f61a0779ee60fffdabcfb624fc7961c25551ef416382a7dc9cc5b98c1c1e38564196a8
-
SSDEEP
1536:RagPchKOGOx4SDj2Ze5B7+OVaYPo+TFLlw/PlY3ZyGM:QgPchKOGzSXDR+OdPPQn+a
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-