General
- Target: 3e74644402b9ee49f97eaf6f475d350f_JaffaCakes118
- Size: 588KB
- Sample: 240712-xdsblawalj
- MD5: 3e74644402b9ee49f97eaf6f475d350f
- SHA1: 00b7abd02f04c484614e51bd7654a76207a1ed7e
- SHA256: b8a77b577abf344fa1921dc59175443e7bda10e77b2df8532a5edc24098d5373
- SHA512: 49294ad086a8ff25d59583396480c317c1255d8bdc25582f83179b8ee568ba951f20810852ee78fb7ef7c67fa7379c85fdb145b1956f0e0a5b593991e99df91e
- SSDEEP: 12288:KeIkhp8rSgzOraBOK/lGRgOUqmq9kR6lhKXahOIEltyDjMtxPq:lhurSxraBOK/cRgOnmq9g69rESnMto
Static task
- static1
Behavioral task
- behavioral1: sample 3e74644402b9ee49f97eaf6f475d350f_JaffaCakes118.exe, resource win7-20240704-en
Behavioral task
- behavioral2: sample 3e74644402b9ee49f97eaf6f475d350f_JaffaCakes118.exe, resource win10v2004-20240709-en
Malware Config
- Extracted: xtremerat (cescmouad.zapto.org)
Targets
- Target: 3e74644402b9ee49f97eaf6f475d350f_JaffaCakes118 (588KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext