General
-
Target
4f5e89e28fc5bca7851aa5c72b86be67_JaffaCakes118
-
Size
21KB
-
Sample
240716-v7l1kawdmh
-
MD5
4f5e89e28fc5bca7851aa5c72b86be67
-
SHA1
4aff3048d15ac77e9217509eb42726668cb41491
-
SHA256
c3155e01f959d88725abe33533eda8e5c560b18c8a4ed3f49b5ac4aee67d80b7
-
SHA512
eafb4a29629092b7582c4621164b61f7420ba98369f2eef31b5fabdaaee7362675769e451872ee4ee9a15d1a01d3e4006697f5ea2708be0618956c8ccd8b5eae
-
SSDEEP
384:rHIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlNhpQ4CQFeQbsYpLR:DIsF81fG9QveLOYTe5YilpQl69
Behavioral task
behavioral1
Sample
4f5e89e28fc5bca7851aa5c72b86be67_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4f5e89e28fc5bca7851aa5c72b86be67_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
mr2010.no-ip.org
Targets
-
-
Target
4f5e89e28fc5bca7851aa5c72b86be67_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-