General
-
Target
3ef048400dedc33a8b542c37e8c88f8e_JaffaCakes118
-
Size
114KB
-
Sample
240712-z9p78a1bkq
-
MD5
3ef048400dedc33a8b542c37e8c88f8e
-
SHA1
17f023771d1fb12a738f12260005a4157ac5c647
-
SHA256
34558fb35a6b19a4b1de1e5001f1e60205cb34336765fbf2dee46dfb843595bd
-
SHA512
bf5f01c581456926a6805be1b765ccb632f6d9800168ba3fae3dc53e62006c70a6ab11b1443d251f23b79275093a33d7587282eea5709793110715cc08dcacbd
-
SSDEEP
1536:D4+OCECjSYSTj3xeP8KD6FiJrA4LRGaRYEGc8jUVG4t0afZQ8rr98Kdy:DGCjDSMPVDtJNlGaRY1TjU0afZHr6Kdy
Static task
static1
Behavioral task
behavioral1
Sample
3ef048400dedc33a8b542c37e8c88f8e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3ef048400dedc33a8b542c37e8c88f8e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
princedz.no-ip.org
Targets
-
-
Target
3ef048400dedc33a8b542c37e8c88f8e_JaffaCakes118
-
Size
114KB
-
MD5
3ef048400dedc33a8b542c37e8c88f8e
-
SHA1
17f023771d1fb12a738f12260005a4157ac5c647
-
SHA256
34558fb35a6b19a4b1de1e5001f1e60205cb34336765fbf2dee46dfb843595bd
-
SHA512
bf5f01c581456926a6805be1b765ccb632f6d9800168ba3fae3dc53e62006c70a6ab11b1443d251f23b79275093a33d7587282eea5709793110715cc08dcacbd
-
SSDEEP
1536:D4+OCECjSYSTj3xeP8KD6FiJrA4LRGaRYEGc8jUVG4t0afZQ8rr98Kdy:DGCjDSMPVDtJNlGaRY1TjU0afZHr6Kdy
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-