General
-
Target
51df7dd409b18c676d7b506595e09ba7_JaffaCakes118
-
Size
1008KB
-
Sample
240717-hgrrxasejg
-
MD5
51df7dd409b18c676d7b506595e09ba7
-
SHA1
25a8867ff167eea38ed43552ca6bdbf48d1aec7d
-
SHA256
c93642f0dd5a66809fb5d714e597dfc7971cb236067bc30372e3779b16107fcf
-
SHA512
0cff38b29e224249491bec8892140666d7e2fd7a38bf40db07d309a44d22dd67b0c2167a5be995fd79200fec53816d14606d2442ec4e3c122b689b7b3539bbd8
-
SSDEEP
24576:SOiCv9aUwEeIMrw8cWX4Q48RCPG9MlAC9J:SOiCv9aUwysyWCPGylX
Behavioral task
behavioral1
Sample
51df7dd409b18c676d7b506595e09ba7_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
xtremerat
dfuso.zapto.org
Targets
-
-
Target
51df7dd409b18c676d7b506595e09ba7_JaffaCakes118
-
Size
1008KB
-
MD5
51df7dd409b18c676d7b506595e09ba7
-
SHA1
25a8867ff167eea38ed43552ca6bdbf48d1aec7d
-
SHA256
c93642f0dd5a66809fb5d714e597dfc7971cb236067bc30372e3779b16107fcf
-
SHA512
0cff38b29e224249491bec8892140666d7e2fd7a38bf40db07d309a44d22dd67b0c2167a5be995fd79200fec53816d14606d2442ec4e3c122b689b7b3539bbd8
-
SSDEEP
24576:SOiCv9aUwEeIMrw8cWX4Q48RCPG9MlAC9J:SOiCv9aUwysyWCPGylX
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-