General
-
Target
40cc348290cfa3ed0b762329b862e3d1_JaffaCakes118
-
Size
499KB
-
Sample
240713-jljsjascpm
-
MD5
40cc348290cfa3ed0b762329b862e3d1
-
SHA1
88da9b0f3591b1ea5d5843d4893f0a2f56bb6515
-
SHA256
d9d05ccde0474ec0cbf0291ecf8b385a1b4395d852263ae09f2771f969bd328e
-
SHA512
7f84e2cc0de9bc8bf95a9579f68b9a26fca412cc48029cfdfcfb56a2db27866813c52678dd9d3d2e2883904d2134fc8327fa3882bd88b5074bbc62d9cc4399cc
-
SSDEEP
12288:OKtE03w6No91d134ZedpQpxHtmhnEbr8crxR38bh:O+JA6C9b13D2xNbv/xeb
Static task
static1
Behavioral task
behavioral1
Sample
40cc348290cfa3ed0b762329b862e3d1_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
xtremerat
cauchemar.no-ip.biz
Targets
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.