General
-
Target
504c73c86c4b41f578d13acffec9621e_JaffaCakes118
-
Size
124KB
-
Sample
240716-2baqzsshkp
-
MD5
504c73c86c4b41f578d13acffec9621e
-
SHA1
a07a250bb175b35736dd6c5d70436e5c61f5ca2b
-
SHA256
f46c880e324a99523f7027edc0fc7325da89edf51365a00ce65dcafac6b143c4
-
SHA512
7578308d6302cdf75c63d211e8b36c01f1f2dde2d6a9a766f50d01d0485d7c4e2a55aacdc3fca1926ab2371b5c455a8aae281ca7343dca7527c4bd4d2a78c138
-
SSDEEP
3072:lxOBdPD8zm8UtwUT0gdk7iIioI24WosngTy:fOBN8K8BS0gdkuRo9ou
Static task
static1
Behavioral task
behavioral1
Sample
504c73c86c4b41f578d13acffec9621e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
504c73c86c4b41f578d13acffec9621e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
moon2009us.linkpc.net
Targets
Target
504c73c86c4b41f578d13acffec9621e_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-