General
-
Target
5334611154ece0394f574829071d4d49_JaffaCakes118
-
Size
665KB
-
Sample
240717-qtmmqawcqd
-
MD5
5334611154ece0394f574829071d4d49
-
SHA1
f33a196d71f3e4ececdc72d625d85a9c2fb5e280
-
SHA256
817388667aa622ad7cd226517a16db26dd4c4502c2802eb186fc98cfa3a464be
-
SHA512
017167fd408de6d881871b6e46cd39b6ac276efc5f6f086e4d68b9656e7d75d29271e8a6017f3b91ab0f0d195d831ff064dcb8b778983503b102724d00abea8a
-
SSDEEP
12288:sd6bQ3UXbEuUINrMiLhgQzqZER5ejS1lPqRg3XfdvsPQrqLYww73g70YqM:scbLNGxjHR+XdSYP73g1
Static task
static1
Behavioral task
behavioral1
Sample
5334611154ece0394f574829071d4d49_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5334611154ece0394f574829071d4d49_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
bl00dmaster.no-ip.org
Targets
Target
5334611154ece0394f574829071d4d49_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-