General
Target: 5266bb90458c6f3f51705b8121859638_JaffaCakes118
Size: 124KB
Sample: 240717-lg7d5sxfrf
MD5: 5266bb90458c6f3f51705b8121859638
SHA1: 5d261359952fe3bdbd6b49c19ea4ea72579dd8e7
SHA256: 548a99768186fb9306022951ee39bfb8311ec2d281455ec326c931fa5351f714
SHA512: 2a098673bb742c1dcbaa39294972672b3cef652a15a2a227fdf6de1fd338ed8690e10087c35469adaa875a673bca17a07fb54d9294db5ab2584a20b84f9b5a37
SSDEEP: 3072:WgYNSJRZ6bSpOLRDS6UZ+3NkYrCp5slSd:W5SrZ6mpOlDfC+3CYrCph
Static task: static1
Behavioral task: behavioral1
  Sample: 5266bb90458c6f3f51705b8121859638_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5266bb90458c6f3f51705b8121859638_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted
xtremerat
mal3k.no-ip.org
Targets
Target: 5266bb90458c6f3f51705b8121859638_JaffaCakes118 (124KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext