General
-
Target
5020a82e8da32283caf7302ebaf1d725_JaffaCakes118
-
Size
36KB
-
Sample
240716-1exjgs1cpj
-
MD5
5020a82e8da32283caf7302ebaf1d725
-
SHA1
3f41bc98bd24cccb347b3c28a82c3b9065a84ef5
-
SHA256
233e054a297bb94781c74086964d3648554d6dfb8201c8ec2e2108b210aae00c
-
SHA512
040acb3eef3b2ee8271f5747e829dc63c35166e8ab901f49549004dfdf19596faf711ce653c7342a9bc2f3b85c82e3e45276d28c14a40a9b8b0891d56118d8cf
-
SSDEEP
768:UggD7oyAX2hwdDJR+5WQt28Dvz9zXeOfhb+gJMXjbWEZRL02JGfJxQLoI:UvD74dVR+UQsaZOGhb7JMHN02Jl
Behavioral task
behavioral1
Sample
5020a82e8da32283caf7302ebaf1d725_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5020a82e8da32283caf7302ebaf1d725_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
mom.no-ip.biz
Targets
-
-
Target
5020a82e8da32283caf7302ebaf1d725_JaffaCakes118
-
Size
36KB
-
MD5
5020a82e8da32283caf7302ebaf1d725
-
SHA1
3f41bc98bd24cccb347b3c28a82c3b9065a84ef5
-
SHA256
233e054a297bb94781c74086964d3648554d6dfb8201c8ec2e2108b210aae00c
-
SHA512
040acb3eef3b2ee8271f5747e829dc63c35166e8ab901f49549004dfdf19596faf711ce653c7342a9bc2f3b85c82e3e45276d28c14a40a9b8b0891d56118d8cf
-
SSDEEP
768:UggD7oyAX2hwdDJR+5WQt28Dvz9zXeOfhb+gJMXjbWEZRL02JGfJxQLoI:UvD74dVR+UQsaZOGhb7JMHN02Jl
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-