General
-
Target
405cad2f890fa2b86620d95265563986_JaffaCakes118
-
Size
53KB
-
Sample
240713-f48b3azdkd
-
MD5
405cad2f890fa2b86620d95265563986
-
SHA1
80036fe1450eba876fe78a0eb1a26df025126e94
-
SHA256
aa8f51f0ec2bf429916c53504330300ed01e3473b6455eafb3ac8e62d4a6b740
-
SHA512
9272aaa350421d462a0b1ec0ac5a34716a513407010888c0da3970014d7e78a5b1f88f7653645f1a67e928c7b974a733b0e09d1294f3bfa724dc49e172f7e238
-
SSDEEP
768:xVemHWN85IcwL5Rtgfnp/rKh0c5pjHt4O1SucP3uufEaGl2RNkW1Q8reDUb3jAMY:52N8WcwL5RtGnRUR5pDtWpc7EkDqThpI
Static task
static1
Behavioral task
behavioral1
Sample
405cad2f890fa2b86620d95265563986_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
405cad2f890fa2b86620d95265563986_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
admbruno.no-ip.biz
Targets
Target
405cad2f890fa2b86620d95265563986_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Suspicious use of SetThreadContext
-