General
-
Target
3fc91b904a595426ff3d835d00868bcf_JaffaCakes118
-
Size
85KB
-
Sample
240713-clltkatdjf
-
MD5
3fc91b904a595426ff3d835d00868bcf
-
SHA1
97799b06d035afe53ead191d7a96d08410bf274d
-
SHA256
1e2c3bb17e3628ef98870c67fd217506265b2c94e44182b70bde58e8697e7333
-
SHA512
5a92ef78e8b76739709a2b415eaefb21248592f7d063cc1193d56eaafb6c51728045d9115d849c7a878283300f04817ca80c49def69c4f1602edcbe4a2011caa
-
SSDEEP
1536:+VNEfxvOYM9zqqYyIow2MJCZ7iqHWWzpatef6O0+DZFT+ePL0Vf7ds2IcYX9nNgL:UE9lwdYyIow2MJCZ7idewtUY+fT+ePLy
Static task
static1
Behavioral task
behavioral1
Sample
3fc91b904a595426ff3d835d00868bcf_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3fc91b904a595426ff3d835d00868bcf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
franco1.no-ip.org
Targets
-
-
Target
3fc91b904a595426ff3d835d00868bcf_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-