General
Target: 511828feb426f51a964f43d29c9003cf_JaffaCakes118
Size: 120KB
Sample: 240717-cwkn9a1hmk
MD5: 511828feb426f51a964f43d29c9003cf
SHA1: 4e69ae6ce0d02f44e93af4d7a831d00ef59ca133
SHA256: 6a11e517575bedc388aa82ab44df87cc75bd562fad8f829035e9ca11b033a52a
SHA512: 70487145cea2c1e9e5faf048ddd0f841015b56c80efbfc7616083fb51f6a817f5ef904c138da2f70f0557f7b00b354e850e9f28ff2ded0be51d197f689d6a299
SSDEEP: 768:MKTQpaDCun7wfbjfT602a0ro6oSENk3s5naQ2xWuxR/mEfFEKktKHM2Zo3GHvxlY:MKTQpuCg2EENd5aQyW0msEVbMxPm
Static task: static1
Behavioral task: behavioral1
Sample: 511828feb426f51a964f43d29c9003cf_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 511828feb426f51a964f43d29c9003cf_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 511828feb426f51a964f43d29c9003cf_JaffaCakes118
Size: 120KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext