General
-
Target
51cf6ac79ff7e98d3c2ce3e1976009d2_JaffaCakes118
-
Size
47KB
-
Sample
240717-g6b73sygjj
-
MD5
51cf6ac79ff7e98d3c2ce3e1976009d2
-
SHA1
15a82d4b425f4e3ad5a0144b2ca9d5dedbe41e2c
-
SHA256
f4bcbce0b4c464bf03aeac7b3a98cd2687cf22159acfa322a905e84a8ba67330
-
SHA512
a06eb699e85aedc4a58e3d720b6e0a15e7791f4a652cc753a55e934132f1a6647be2893c3a5c6fb7053bf264e50fc5992422951b34daf3e225050e1b5efcfbce
-
SSDEEP
768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2DfOTwYPI0zoA2:FyRUHlrL1lr6an3TLuvm2buQUoA2
Behavioral task
behavioral1
Sample
51cf6ac79ff7e98d3c2ce3e1976009d2_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
51cf6ac79ff7e98d3c2ce3e1976009d2_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
রd3mnt.no-ip.info
Targets
-
Target
51cf6ac79ff7e98d3c2ce3e1976009d2_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; the StubPath command of each component there is executed once per user at the next logon.
-
Checks computer location settings
Looks up the country code configured in the registry (typically the GeoID stored under HKCU\Control Panel\International\Geo), most likely a geofence check to avoid running in certain regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
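The two persistence locations flagged in this report, the Active Setup Installed Components key and the Run/RunOnce keys, can be checked on a suspect host with the following PowerShell script. It is an added example written for this page, not code from the sandbox, the report, or the malware. It assumes an elevated PowerShell 5.1 or later session on the host under investigation, and it matches only on this report's MD5 (the IOC list is an assumption and is easy to extend); the command-line parsing, file resolution and signature check are this example's own logic.

```powershell
# Added example: hunt Active Setup and Run-key persistence, hash what each entry launches,
# and compare against the report's MD5. Not part of the original report.
$IocMd5 = @('51CF6AC79FF7E98D3C2CE3E1976009D2')   # assumption: only IOC from this report

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$ActiveSetupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)

# Pull the executable out of a command line: a quoted path, or the first whitespace token.
function Get-LaunchedFile([string]$CommandLine) {
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Resolve, hash and signature-check one autostart entry; returns a row for the final table.
function Test-Entry([string]$Source, [string]$Name, [string]$CommandLine) {
    $file = Get-LaunchedFile $CommandLine
    if ($file -and -not (Test-Path -LiteralPath $file -PathType Leaf)) {
        # Bare names such as regsvr32.exe are resolved through PATH, as the loader would.
        $cmd = Get-Command $file -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Path) { $file = $cmd.Path }
    }
    $exists = [bool]($file -and (Test-Path -LiteralPath $file -PathType Leaf))
    $md5 = $null; $sigStatus = 'n/a'
    if ($exists) {
        $md5       = (Get-FileHash -LiteralPath $file -Algorithm MD5).Hash
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $file).Status
    }
    [pscustomobject]@{
        Source      = $Source
        Name        = $Name
        CommandLine = $CommandLine
        File        = $file
        MD5         = $md5
        Signature   = $sigStatus
        IocHit      = [bool]($md5 -and ($IocMd5 -contains $md5))
        Missing     = [bool]($file -and -not $exists)
    }
}

$results = @()
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
        $results += Test-Entry $key $p.Name ([string]$p.Value)
    }
}
foreach ($key in $ActiveSetupKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $stub = (Get-ItemProperty -Path $sub.PSPath).StubPath
        if ($stub) { $results += Test-Entry $sub.PSPath $sub.PSChildName ([string]$stub) }
    }
}

# An IOC hit, an unsigned or invalidly signed target, or a dangling entry each deserve a look.
$results | Where-Object { $_.IocHit -or $_.Signature -ne 'Valid' -or $_.Missing } |
    Format-Table Source, Name, File, MD5, Signature, IocHit -AutoSize
```

HKCU only covers the user running the script; to cover other profiles, load their NTUSER.DAT hives or walk HKU:\ instead. A dangling entry (Missing) is common after an AV clean-up and is worth correlating with the file's original timestamp.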