General
-
Target
4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118
-
Size
122KB
-
Sample
240716-t87g8avakh
-
MD5
4f3162d9a5ec91d2a30839eff5e6b7c7
-
SHA1
6585f04ca819ad43449700d96cf550fe9fdd6f5e
-
SHA256
6e83543748adff57311fd6468f8d7fda186d5ccd787d233c0af1298515e89a81
-
SHA512
dfbad33f24c5afbd4c20de1f99d3cd9ba1cf0fc1944e4ed2c2299900997abb3274ae1a21c84358a916379b44efea0272818ee29041a3b79a55d8e198d806178c
-
SSDEEP
3072:W6S6uZEfFj0AIFP7NI7gR2+CSofNAZ6PD/i0hTJK5:c6u2fl0bPjR2p1AYimTJ
Static task
static1
Behavioral task
behavioral1
Sample
4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
4f3162d9a5ec91d2a30839eff5e6b7c7_JaffaCakes118
-
Size
122KB
-
MD5
4f3162d9a5ec91d2a30839eff5e6b7c7
-
SHA1
6585f04ca819ad43449700d96cf550fe9fdd6f5e
-
SHA256
6e83543748adff57311fd6468f8d7fda186d5ccd787d233c0af1298515e89a81
-
SHA512
dfbad33f24c5afbd4c20de1f99d3cd9ba1cf0fc1944e4ed2c2299900997abb3274ae1a21c84358a916379b44efea0272818ee29041a3b79a55d8e198d806178c
-
SSDEEP
3072:W6S6uZEfFj0AIFP7NI7gR2+CSofNAZ6PD/i0hTJK5:c6u2fl0bPjR2p1AYimTJ
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-