General
-
Target
401057a32d2cd428dad58add4f1742df_JaffaCakes118
-
Size
45KB
-
Sample
240713-eap3ysthqj
-
MD5
401057a32d2cd428dad58add4f1742df
-
SHA1
05931bbcb53b0580dd82f7dba254a528de51e765
-
SHA256
131a6f5e7befec2727ee0be47aea4222c1ec9464b75d2794bc2240ac289e2450
-
SHA512
01e67472694ce99da860e14bbd405bbfd028b13703c792b8bc51e985717f32a7158f40a2df1d8fa50519b115d5558a7e7f495377b4be18701335511f697e2639
-
SSDEEP
768:9Br+tjFY90iY6W1jwmDzKgEFQXaklMIAnH8hwfOgw0cIzoQYE:jyRh31jxPEFQXak+H84bJoQYE
Behavioral task
behavioral1
Sample
401057a32d2cd428dad58add4f1742df_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
401057a32d2cd428dad58add4f1742df_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
fatah.no-ip.biz
Targets
-
-
Target
401057a32d2cd428dad58add4f1742df_JaffaCakes118
-
Size
45KB
-
MD5
401057a32d2cd428dad58add4f1742df
-
SHA1
05931bbcb53b0580dd82f7dba254a528de51e765
-
SHA256
131a6f5e7befec2727ee0be47aea4222c1ec9464b75d2794bc2240ac289e2450
-
SHA512
01e67472694ce99da860e14bbd405bbfd028b13703c792b8bc51e985717f32a7158f40a2df1d8fa50519b115d5558a7e7f495377b4be18701335511f697e2639
-
SSDEEP
768:9Br+tjFY90iY6W1jwmDzKgEFQXaklMIAnH8hwfOgw0cIzoQYE:jyRh31jxPEFQXak+H84bJoQYE
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-