General
Target: 503ba7f679d042c020e14e4025c16161_JaffaCakes118
Size: 615KB
Sample: 240716-1x9xjasckj
MD5: 503ba7f679d042c020e14e4025c16161
SHA1: cdccb5c58265f46babe2e5626effc2b799a8d692
SHA256: 6aa7a48dfd92511dc70cdbd6539f6b56946f185d9e1451fc7e8f4787880e3451
SHA512: 115757b43c9f318d00432bac060205166bc4a3e062e33505589922a26992658bf236087b4d216cbc783a07fe596f40b88d542c887c76a1a5296a25c6ebd717a4
SSDEEP: 12288:9u/eEyDXGtIgdjkhjA0zL5tbYe5WyuovxnjlSOjolM:94TAgUjA0ztie6ovxnBz
Tasks
Static task: static1
Behavioral task: behavioral1 (sample 503ba7f679d042c020e14e4025c16161_JaffaCakes118.exe, resource win7-20240704-en)
Behavioral task: behavioral2 (sample 503ba7f679d042c020e14e4025c16161_JaffaCakes118.exe, resource win10v2004-20240709-en)
Malware Config
Extracted family: xtremerat
C2 host: cescmouad.zapto.org (zapto.org is a No-IP dynamic DNS zone, so the resolved address can change between runs; pivot on the hostname, not the IP)
Targets
Target: 503ba7f679d042c020e14e4025c16161_JaffaCakes118 (615KB; same file and hashes as listed under General)
Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup: adversaries may achieve persistence by adding a component key under HKLM\Software\Microsoft\Active Setup\Installed Components; the command in that key's StubPath value is run once for each user at their next logon.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (a second, per-user or per-machine autostart under Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread's entry point after code has been written into another process, the pattern seen in process hollowing)
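Two of the signatures above, the Active Setup component and the Run key, are registry autostart entries an analyst will want to hunt for on other hosts. The following Python is an added example and not part of the sandbox report: it parses a constructed Windows .reg export (the GUIDs, user name and file paths in SAMPLE_REG are placeholders, not artifacts from this sample) and flags Active Setup StubPath and Run/RunOnce commands that launch from user-writable directories. The list of directory fragments treated as user-writable is an assumption to tune per environment.

```python
import re

# Constructed .reg export (assumption: not taken from this sample) covering the
# two autostart locations this report flags: an Active Setup component and a
# Run key. GUIDs, the user name and all paths are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\system32\\ie4uinit.exe -UserConfig"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5B3C9F2A-1D4E-4F6A-9C0B-7E2A1F3D4C5B}]
"StubPath"="C:\\Users\\Public\\Libraries\\svchost.exe"
"IsInstalled"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="C:\\Users\\victim\\AppData\\Roaming\\InstallDir\\Server.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

# Directory fragments a standard user can write to (assumption; extend as
# needed). A launch command living here deserves a look because system
# components rarely start from them.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")

# "Name"=data or @=data; the name may contain escaped quotes
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return (key, value_name, data) for every string value in a .reg export.

    Non-string data (dword:, hex:) is skipped; autostart commands are strings.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            entries.append((key, _unescape(name), _unescape(data[1:-1])))
    return entries


def autostart_findings(entries):
    """Pick out Active Setup StubPath and Run/RunOnce values and flag those
    whose command lives in a user-writable directory."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        active_setup = ("\\active setup\\installed components\\" in k
                        and name.lower() == "stubpath")
        run_key = (k.endswith("\\currentversion\\run")
                   or k.endswith("\\currentversion\\runonce"))
        if not (active_setup or run_key):
            continue
        findings.append({
            "technique": "Active Setup (T1547.014)" if active_setup else "Run key (T1547.001)",
            "key": key,
            "name": name,
            "command": data,
            "user_writable": any(frag in data.lower() for frag in USER_WRITABLE),
        })
    return findings


def suspicious_autostarts(text):
    """Findings from a .reg export whose command points into a user-writable location."""
    return [f for f in autostart_findings(parse_reg(text)) if f["user_writable"]]


if __name__ == "__main__":
    for f in autostart_findings(parse_reg(SAMPLE_REG)):
        flag = "SUSPICIOUS" if f["user_writable"] else "ok"
        print(f"{flag:10} {f['technique']:26} {f['key']}\\{f['name']} -> {f['command']}")
```

On a live host the same logic can be fed the output of `reg export` for the three keys above; entries from HKEY_USERS hives of logged-off users are worth including, since XtremeRAT-style persistence is often written under HKCU.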