General
- Target: 4057ae171ef670868b269f7c0d0d6eac_JaffaCakes118
- Size: 65KB
- Sample: 240713-f1ekkszbqh
- MD5: 4057ae171ef670868b269f7c0d0d6eac
- SHA1: d36593f9f3e43a1f623203f778dd6af6a7f10bd0
- SHA256: c3d6831cbe2d790700e47a2e916167acefd6f98a8522f900c94ba0953c67b34c
- SHA512: cd4fb4461a9c0a161568fce38c2b676db8cfff86708c18fc81d6f2f993a6303c9651f100bfb5e41fb540376f3efb32ab1f1044d2fc25ae39082ba4449e8283f0
- SSDEEP: 768:e8m1Sq4NQErBsH1tzoisBKQI6dObAG/dqOXHsoAx5JXrUqLOY06YKnA+7PoNwZzE:ssq+QV4rObAdNoAf5UqiYFlArNwxoz
Behavioral task: behavioral1
- Sample: 4057ae171ef670868b269f7c0d0d6eac_JaffaCakes118.exe
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: 4057ae171ef670868b269f7c0d0d6eac_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config (extracted)
- Family: xtremerat
- C2: als4000.servemp3.com
Targets
- Target: 4057ae171ef670868b269f7c0d0d6eac_JaffaCakes118
- Size: 65KB
- MD5: 4057ae171ef670868b269f7c0d0d6eac
- SHA1: d36593f9f3e43a1f623203f778dd6af6a7f10bd0
- SHA256: c3d6831cbe2d790700e47a2e916167acefd6f98a8522f900c94ba0953c67b34c
- SHA512: cd4fb4461a9c0a161568fce38c2b676db8cfff86708c18fc81d6f2f993a6303c9651f100bfb5e41fb540376f3efb32ab1f1044d2fc25ae39082ba4449e8283f0
- SSDEEP: 768:e8m1Sq4NQErBsH1tzoisBKQI6dObAG/dqOXHsoAx5JXrUqLOY06YKnA+7PoNwZzE:ssq+QV4rObAdNoAf5UqiYFlArNwxoz
Score: 10/10

Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory