General
- Target: 4f697b0aeb44cbb7f22b02d19b7122c5_JaffaCakes118
- Size: 424KB
- Sample: 240716-weabqswgje
- MD5: 4f697b0aeb44cbb7f22b02d19b7122c5
- SHA1: 9c205e05d5e52f0669479971a9a3a17b911bff0d
- SHA256: e8206004c0606c56dea9ab1acad5037d8d52bbc819546d1aafbf76decaa6da81
- SHA512: 48edd11dfb88c7785d8522ab0a99348b6d9e6a7bff08f4f5c2607ad03ca818576bcc4df572b8544a305a039d35ce0ca0e6252bd8e50513cc4badd1364c54e8b9
- SSDEEP: 12288:e4Dbo6r6K/lGRgOUqmq9kR6lhKXadJ6AsW:ez62K/cRgOnmq9g6tEW
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 4f697b0aeb44cbb7f22b02d19b7122c5_JaffaCakes118.exe
  Resource: win7-20240704-en
- Behavioral task: behavioral2
  Sample: 4f697b0aeb44cbb7f22b02d19b7122c5_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
- Extracted: xtremerat
  stop-top.no-ip.info
Targets
- Target: 4f697b0aeb44cbb7f22b02d19b7122c5_JaffaCakes118
- Score: 10/10
Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext