General
Target: 3e8755361dc8e3ba4f8a65d2a8c8fed8_JaffaCakes118
Size: 21KB
Sample: 240712-xs5kgaweqq
MD5: 3e8755361dc8e3ba4f8a65d2a8c8fed8
SHA1: f4acae28ba7a3b37d54377024e6000e23511809e
SHA256: 36e233e96baba7e598575353034f4b0a6fe4d6db25ba977e0abc5f9d6e0fca46
SHA512: daada2ce2a621c1e021e4168eca5e09575db1c4ab089c71ff110b7766dccddeb903ea864f4dd085ca91960b4dd5628698921a8ff174136d4fba9d8ea66c637e7
SSDEEP: 384:3IdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlbpQ4jbNfymz6UyziQqepLR:3IsF81fG9QveLOYTe5YippQgNfy5UzQz
Behavioral task: behavioral1
Sample: 3e8755361dc8e3ba4f8a65d2a8c8fed8_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3e8755361dc8e3ba4f8a65d2a8c8fed8_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted
xtremerat
microlux7.zapto.org
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application