General
- Target: 3ee16182d25c18ef09567a3d59277b61_JaffaCakes118
- Size: 75KB
- Sample: 240712-zxqm8asela
- MD5: 3ee16182d25c18ef09567a3d59277b61
- SHA1: 050874bab9a33b43b02920ae15edcd2445f5623c
- SHA256: 55e9a72c406166e8b66cf69584621e329a09ed098ffecc747d19aa3c15e2d30d
- SHA512: 5f6db70cd2ea5aeb07b8b1375466d31e2d2d8fd0ce3b5fa7ac8502ba80254532a59833ce02d35c3782103470f043bf76cf654a59da9250712942494bcce35b90
- SSDEEP: 1536:81KMQddgUm6yzJu8HsIkTmkqNXDWmFJ9ZhIlHhLdBvgxWs:tvdjszxHsIk5q5FJ9nIBLdB4xWs
Behavioral task: behavioral1
- Sample: 3ee16182d25c18ef09567a3d59277b61_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 3ee16182d25c18ef09567a3d59277b61_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
- Extracted: xtremerat
- alsfa7.no-ip.biz
Targets
- Target: 3ee16182d25c18ef09567a3d59277b61_JaffaCakes118
- Size: 75KB (hashes as listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT, written in Delphi, was developed by xtremecoder and has been available since at least 2010.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext