General
Target: 4fa376e5ca671bccd9f2c239bd42fd19_JaffaCakes118
Size: 119KB
Sample: 240716-xrg3sawakm
MD5: 4fa376e5ca671bccd9f2c239bd42fd19
SHA1: b0be4c96572df9d47b1072c61c80a61e92536556
SHA256: f8112b237e9b8c68dd997ce7dcd089c059af4eed5ed58b49e1e40d686c8dde57
SHA512: 423ff62455e38eefd56c2adb778c695ed041fd95ed6e9840d6c3d649d059f8683a1e9a7fe18df21d397bb52f9cb265af93d5bd5538fe2239f5218d5ca35bf53c
SSDEEP: 3072:0rbfEa2wJFu+cd819tU7D5I6uwn94cJc:0nD2QFu+dTSDSO94cJc

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 4fa376e5ca671bccd9f2c239bd42fd19_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 4fa376e5ca671bccd9f2c239bd42fd19_JaffaCakes118.exe
  Resource: win10v2004-20240709-en

Malware Config
Extracted
Family: xtremerat
C2: ofcorp.no-ip.org

Targets
Target: 4fa376e5ca671bccd9f2c239bd42fd19_JaffaCakes118
Size: 119KB
MD5: 4fa376e5ca671bccd9f2c239bd42fd19
SHA1: b0be4c96572df9d47b1072c61c80a61e92536556
SHA256: f8112b237e9b8c68dd997ce7dcd089c059af4eed5ed58b49e1e40d686c8dde57
SHA512: 423ff62455e38eefd56c2adb778c695ed041fd95ed6e9840d6c3d649d059f8683a1e9a7fe18df21d397bb52f9cb265af93d5bd5538fe2239f5218d5ca35bf53c
SSDEEP: 3072:0rbfEa2wJFu+cd819tU7D5I6uwn94cJc:0nD2QFu+dTSDSO94cJc
Score: 10/10

Signatures
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext