General
Target: 3e4a1346342094871c6cdc61673d739d_JaffaCakes118
Size: 24KB
Sample: 240712-wc1qxatelq
MD5: 3e4a1346342094871c6cdc61673d739d
SHA1: 0765788601578ce4941417464c518696dcc04eb1
SHA256: 8f914f2f45cb93e379a99220bde03e6817245ddcdcfcc2e7dc2b4be33936f481
SHA512: 4f1e42ea1b20ea7046dc6761bf0f6733ef024070038f5bcdbf96c9aef147afd9495367ba0856ce8f45958aa5fbde2aa20bed387706ec24ddf219ef4533fe7722
SSDEEP: 384:MIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNyELPNv/WQ24bOz/HAdQPKDk:MIsF81fG9QveLOYTe5YirLF/W94ObyC7
Behavioral task: behavioral1
Sample: 3e4a1346342094871c6cdc61673d739d_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 3e4a1346342094871c6cdc61673d739d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
pxsd-pxsd.no-ip.biz
Targets
Target: 3e4a1346342094871c6cdc61673d739d_JaffaCakes118
Size: 24KB
Score: 10/10

Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Adds Run key to start application