General
- Target: 50a5c739ce813ffd001ccf029bca129c_JaffaCakes118
- Size: 900KB
- Sample: 240717-ad953swhpl
- MD5: 50a5c739ce813ffd001ccf029bca129c
- SHA1: cca16d7c0fd79585bedcfedba73a7b8a8c22a4b4
- SHA256: b02a3881dd99b89e865f43f50fb1436de3c60e6218fc50e91464c8ada5efd47f
- SHA512: bc437826336d9f0966d4f20c5642d8c5cf185998b41b5c3d420484fe16d22e330a093fc022cf4b1889ac03ca19e05a40cc6299ebbe08d2848e119b3a6bd80085
- SSDEEP: 24576:ZyE5gA3UdwrZDifLB0HDXd0+OlHIsFc82Hjvv:Xk6DifL2HxtOdI0i
Behavioral task: behavioral1
- Sample: 50a5c739ce813ffd001ccf029bca129c_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 50a5c739ce813ffd001ccf029bca129c_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Family: xtremerat
- C2: mahmoodgz.no-ip.biz
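The file hashes listed under General and the hostname from the extracted xtremerat config are the actionable indicators in this report. The Python below is an added example, not part of the sandbox report: it copies those values verbatim and turns them into three checks a responder can run offline, a hash-record classifier that flags inconsistent records instead of silently trusting a single weak digest, an ssdeep signature parser that tells whether two signatures are even comparable, and a DNS-log scan for the C2 name that handles case, trailing dots and lookalike names. The key=value log lines are constructed for the demonstration and are not from the report.

```python
"""Added example (not part of the sandbox report): turn this report's IOCs,
the file hashes and the extracted xtremerat hostname, into checks that can be
run against an asset inventory and DNS logs. Log lines below are constructed."""
import hashlib
import re

# Hashes exactly as the report lists them for the 900KB sample.
SAMPLE_HASHES = {
    "md5": "50a5c739ce813ffd001ccf029bca129c",
    "sha1": "cca16d7c0fd79585bedcfedba73a7b8a8c22a4b4",
    "sha256": "b02a3881dd99b89e865f43f50fb1436de3c60e6218fc50e91464c8ada5efd47f",
    "sha512": "bc437826336d9f0966d4f20c5642d8c5cf185998b41b5c3d420484fe16d22e330a093fc022cf4b1889ac03ca19e05a40cc6299ebbe08d2848e119b3a6bd80085",
}
SAMPLE_SSDEEP = "24576:ZyE5gA3UdwrZDifLB0HDXd0+OlHIsFc82Hjvv:Xk6DifL2HxtOdI0i"
# Hostname from the extracted config. It is a dynamic-DNS name, so the resolved
# address can change between runs; match on the name, never on the IP.
C2_HOST = "mahmoodgz.no-ip.biz"


def hashes_of(data: bytes) -> dict:
    """The same four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def check_hash_record(record: dict, known: dict = SAMPLE_HASHES) -> str:
    """Classify one inventory record ({algo: hexdigest}) against the report.

    'match'    every algorithm the record carries agrees with the report
    'conflict' some agree and some do not: a mislabelled record or a
               collision on a weak hash, worth a manual look
    'no_match' none agree
    'unknown'  the record shares no algorithm with the report
    """
    shared = {a: record[a].strip().lower() for a in known if a in record}
    if not shared:
        return "unknown"
    agree = [shared[a] == known[a] for a in shared]
    if all(agree):
        return "match"
    return "conflict" if any(agree) else "no_match"


def parse_ssdeep(sig: str):
    """Split an ssdeep signature into (block_size, chunk, double_chunk).
    Two signatures are only comparable when their block sizes are equal or
    differ by exactly a factor of two; the similarity score itself needs the
    ssdeep library, which this example deliberately does not require."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


# Constructed key=value DNS log lines (not from the report): a direct query,
# an unrelated query, an upper-case FQDN with a trailing dot, and a lookalike
# name that must not match.
CONSTRUCTED_DNS_LOG = [
    "2024-07-17T10:01:02Z host=WS01 query=mahmoodgz.no-ip.biz answer=203.0.113.7",
    "2024-07-17T10:01:05Z host=WS01 query=time.windows.com answer=203.0.113.20",
    "2024-07-17T10:02:11Z host=WS02 query=MAHMOODGZ.NO-IP.BIZ. answer=198.51.100.2",
    "2024-07-17T10:03:00Z host=WS03 query=notmahmoodgz.no-ip.biz answer=192.0.2.9",
]
QUERY_RE = re.compile(r"\bquery=(?P<q>[A-Za-z0-9.-]+)")


def is_c2_name(qname: str, c2: str = C2_HOST) -> bool:
    """Exact host or any label under it, case-insensitive, trailing dot allowed.
    Suffix matching with the leading dot keeps lookalikes such as
    'notmahmoodgz.no-ip.biz' out."""
    q = qname.lower().rstrip(".")
    return q == c2 or q.endswith("." + c2)


def scan_dns_log(lines) -> list:
    """Return (host, query) pairs for every line that resolved the C2 name."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and is_c2_name(m.group("q")):
            host = re.search(r"\bhost=(\S+)", line)
            hits.append((host.group(1) if host else "?", m.group("q")))
    return hits


if __name__ == "__main__":
    print(check_hash_record({"sha256": SAMPLE_HASHES["sha256"]}))
    print(parse_ssdeep(SAMPLE_SSDEEP)[0])
    print(scan_dns_log(CONSTRUCTED_DNS_LOG))
```

The record classifier is the part worth copying: an EDR or file-inventory export often carries only MD5 or SHA1, and a record whose MD5 matches while its SHA256 does not is exactly the case that should be looked at by hand rather than auto-closed. Because the C2 is a no-ip.biz dynamic-DNS name, blocking or hunting on the address the sandbox saw is unreliable; the name is the stable indicator.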
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory