General
Target: 4f11b6a09073985cf93a36002f0a9ea6_JaffaCakes118
Size: 392KB
Sample: 240716-tlcdkazgnp
MD5: 4f11b6a09073985cf93a36002f0a9ea6
SHA1: 8f69ff627226ce0c02e1be94b94e171b589c7261
SHA256: 42a51aad173708906e007997b042c13389f0754ee0f1974197ad5263a8483a0a
SHA512: c08eca7cbd3240d5fdfb2ed451e974f32354452fb6a4aa59c887de2fc0e2d9a0bcb98a74015fe039a9cff26078e9389d8e82c452ccdfd5148bf1c81523343faa
SSDEEP: 3072:PoRcyK32PCjiyQhx76XPNKcyK32PCjiyQhx76:YpK32PlyQhUXspK32PlyQhU
Static task: static1
Behavioral task: behavioral1
  Sample: 4f11b6a09073985cf93a36002f0a9ea6_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 4f11b6a09073985cf93a36002f0a9ea6_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
mrace.no-ip.info
Targets
Target: 4f11b6a09073985cf93a36002f0a9ea6_JaffaCakes118
Size: 392KB
MD5: 4f11b6a09073985cf93a36002f0a9ea6
SHA1: 8f69ff627226ce0c02e1be94b94e171b589c7261
SHA256: 42a51aad173708906e007997b042c13389f0754ee0f1974197ad5263a8483a0a
SHA512: c08eca7cbd3240d5fdfb2ed451e974f32354452fb6a4aa59c887de2fc0e2d9a0bcb98a74015fe039a9cff26078e9389d8e82c452ccdfd5148bf1c81523343faa
SSDEEP: 3072:PoRcyK32PCjiyQhx76XPNKcyK32PCjiyQhx76:YpK32PlyQhUXspK32PlyQhU
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext