General
-
Target
50889455dcc0026d8179a38d67782ebf_JaffaCakes118
-
Size
165KB
-
Sample
240716-3j847awajk
-
MD5
50889455dcc0026d8179a38d67782ebf
-
SHA1
f05c5a6de06381029d66fe32e4f62697d4f5268e
-
SHA256
88ffc0a293c116c68db5b1f0866880624addfc832bf9644915b0769a1633e34a
-
SHA512
9f85afe212e7286eec1ea1049eeed43722e8cceba64a7d7124c23fcbbd042e2f9a2012605f15cfc88fa693fd77352b449f66ede34e83ee1affb9f74a20f52d29
-
SSDEEP
3072:q8ivezMCdpTrgJlv8XftAHS4V11DEdO9aXNu7IaNYIaEp56UCwd88/vt:Ziv4dhOJMftAHS4V11YdwadcaEhh3
Static task
static1
Behavioral task
behavioral1
Sample
50889455dcc0026d8179a38d67782ebf_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
50889455dcc0026d8179a38d67782ebf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
50889455dcc0026d8179a38d67782ebf_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-