General
- Target: 4fe803090331cfcace587a8310a4bc26_JaffaCakes118
- Size: 49KB
- Sample: 240716-y47dwa1eqe
- MD5: 4fe803090331cfcace587a8310a4bc26
- SHA1: dc3a5c03a8e7c3509bc28846cec8bf1c555ac73d
- SHA256: 29585e49ee0559e73c692ddaa8db2fb6512c5f46a8b7fc1d57c388da2ff79390
- SHA512: 92a9dc6e84dace2826da39b356dbb36db0c422cd52f4f7d9e38a254dca38330e647899013d3ed6ebb33624eb86f929ab5cf2b11aa276827a063919f20e9984b1
- SSDEEP: 768:aEJ7xLMdyOxVhtJwUTN/XY9Mojj2p0KVho/AT9bWlRPcwghP9OlhCJc:aEYdBRG4Q9HjTGJ4lR8POi
Static task: static1
Behavioral task: behavioral1
- Sample: 4fe803090331cfcace587a8310a4bc26_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 4fe803090331cfcace587a8310a4bc26_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
- Extracted: xtremerat
  - biladi2000.no-ip.info
Targets
- Target: 4fe803090331cfcace587a8310a4bc26_JaffaCakes118
- Size: 49KB
- MD5: 4fe803090331cfcace587a8310a4bc26
- SHA1: dc3a5c03a8e7c3509bc28846cec8bf1c555ac73d
- SHA256: 29585e49ee0559e73c692ddaa8db2fb6512c5f46a8b7fc1d57c388da2ff79390
- SHA512: 92a9dc6e84dace2826da39b356dbb36db0c422cd52f4f7d9e38a254dca38330e647899013d3ed6ebb33624eb86f929ab5cf2b11aa276827a063919f20e9984b1
- SSDEEP: 768:aEJ7xLMdyOxVhtJwUTN/XY9Mojj2p0KVho/AT9bWlRPcwghP9OlhCJc:aEYdBRG4Q9HjTGJ4lR8POi
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext