General
-
Target
531213d0b94c26e4d267d1c86a967893_JaffaCakes118
-
Size
127KB
-
Sample
240717-p51haavcjb
-
MD5
531213d0b94c26e4d267d1c86a967893
-
SHA1
a9c62f63c638acf43a7f46c65b9601fd8b34e2ff
-
SHA256
c74ca6a9d3ce1bf3d2420b444334fef3a786a842f58b8acca83a4bd5580d937a
-
SHA512
d44f4565dc80971996f015c8219691825b1e588b28490717d9aa0f64c484117dbd76190c1234ba9eefb345c595601814e6cc68eb36bb627ccc6b4635d43b14a4
-
SSDEEP
3072:PD5YAoxP4ceZHIwMCIyB0g/Z/noutNsngh:Plq69IxDyBr/noSN
Behavioral task
behavioral1
Sample
531213d0b94c26e4d267d1c86a967893_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
531213d0b94c26e4d267d1c86a967893_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
moon2009us.linkpc.net
Targets
-
-
Target
531213d0b94c26e4d267d1c86a967893_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-