General

Target: 594aceb1003d4688c9daf9f0d5d76525_JaffaCakes118
Size: 173KB
Sample: 240718-16dwfsscpa
MD5: 594aceb1003d4688c9daf9f0d5d76525
SHA1: c76f76779127cb42cc7efbf74fbee5bd95111b66
SHA256: 4e1aecb981aff7290be96615cbde8107ef8a1fcfa11e40537b408958104c0bff
SHA512: 2bf9134837ddef682fe478bd68fac5db15c0215b083db9714584e01bf81cf038548044efa958a4b4c1b7d11fd1130a85134de33820c28c94df7ea2aa540acc3d
SSDEEP: 1536:Cu/eok4zFfmAs4HsNKuUXUtHd0XmyPE04b1sKiLRFbxSCu/DKOZtY4DU9bZRju0Z:Leok4RfTq8OKbvLx7CK0YUU9VzZ
Static task: static1

Behavioral task: behavioral1
  Sample: 594aceb1003d4688c9daf9f0d5d76525_JaffaCakes118.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: 594aceb1003d4688c9daf9f0d5d76525_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted
  Family: xtremerat
  C2: freshness.dyndns-ip.com

The C2 is a dynamic-DNS hostname, so the IP it resolved to during the run is not a stable indicator; pivot on the hostname and on passive-DNS history rather than on a single address.
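The hashes and the extracted C2 host above are the indicators a responder would actually sweep for. The following is an added example (not part of the sandbox report and not Tria.ge code) that checks a file's bytes against the report's digests and picks the C2 lookups out of a DNS query log. The log lines and their column layout are constructed for the demonstration; the digests and hostname are the page's own values.

```python
import hashlib

# Indicators copied from the report above (the page's own values).
IOC_HASHES = {
    "md5": "594aceb1003d4688c9daf9f0d5d76525",
    "sha1": "c76f76779127cb42cc7efbf74fbee5bd95111b66",
    "sha256": "4e1aecb981aff7290be96615cbde8107ef8a1fcfa11e40537b408958104c0bff",
}
C2_DOMAIN = "freshness.dyndns-ip.com"

# Constructed DNS query log lines for the demonstration; not from the sandbox run.
# Column layout (assumed): timestamp, client, "query", record type, queried name.
DNS_LOG = [
    "2024-07-18T12:00:01Z 10.0.0.12 query A freshness.dyndns-ip.com",
    "2024-07-18T12:00:02Z 10.0.0.12 query A notfreshness.dyndns-ip.com",
    "2024-07-18T12:00:03Z 10.0.0.13 query A update.example.com",
    "2024-07-18T12:00:04Z 10.0.0.14 query A FRESHNESS.DYNDNS-IP.COM.",
]


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of the bytes equals the report's digest for that algorithm."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in IOC_HASHES.items())


def host_matches(host: str, c2: str = C2_DOMAIN) -> bool:
    """Exact or subdomain match, case-insensitive, tolerant of a trailing dot.

    A plain substring test would also flag 'notfreshness.dyndns-ip.com',
    so compare on label boundaries instead.
    """
    h = host.lower().rstrip(".")
    return h == c2 or h.endswith("." + c2)


def c2_lookups(lines, c2: str = C2_DOMAIN) -> list:
    """Return the log lines whose queried name is the C2 host (or a subdomain of it)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "query" and host_matches(fields[4], c2):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in c2_lookups(DNS_LOG):
        print("C2 lookup:", hit)
    print("sample match on empty file:", matches_sample(b""))
```

The label-boundary comparison in host_matches is the part worth keeping: hostname indicators in reports are routinely matched with a substring search, which both misses subdomains and produces false positives on names that merely contain the indicator.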
Targets

Target: 594aceb1003d4688c9daf9f0d5d76525_JaffaCakes118 (the same file described under General above)
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Suspicious use of SetThreadContext: rewriting another thread's register state is the step that redirects execution to injected code in process hollowing (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread). Debuggers and some legitimate tooling also call it, so correlate the call with the preceding process-creation and memory-write calls in the trace before treating it as an injection indicator.
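The SetThreadContext signature above is only a weak indicator on its own. As an added example (not code from the report or from Tria.ge), the following correlates it with the surrounding calls so that a full process-hollowing chain is reported separately from an uncorrelated SetThreadContext. The API-call trace and its "caller_pid api key=value" line format are constructed for the demonstration; the hollowing chain it encodes is the generic sequence, not a transcript of this sample's run.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed API-call trace, one call per line: "caller_pid api key=value ...".
# This is an illustrative format, not Tria.ge's own report output.
TRACE = """\
100 CreateProcessW image=C:\\Windows\\System32\\svchost.exe flags=0x00000004 child=200
100 VirtualAllocEx pid=200 size=0x1c000 prot=0x40
100 WriteProcessMemory pid=200 addr=0x400000 size=0x1c000
100 SetThreadContext pid=200 eip=0x401000
100 ResumeThread pid=200
300 GetThreadContext pid=300
300 SetThreadContext pid=300 eip=0x77001234
"""

# The calls that, after a suspended CreateProcess, complete a hollowing sequence.
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text: str) -> list:
    """Turn the text trace into (caller_pid, api, {key: value}) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        kv = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        events.append((int(parts[0]), parts[1], kv))
    return events


def find_hollowing(events) -> list:
    """Return (caller_pid, child_pid) pairs that show the full hollowing chain.

    Chain: CreateProcess* with CREATE_SUSPENDED, then WriteProcessMemory and
    SetThreadContext against that child by the same caller, then ResumeThread.
    A SetThreadContext with no suspended child created by the caller (e.g. a
    debugger editing a thread) is not reported here.
    """
    suspended = {}            # child pid -> caller pid
    seen = defaultdict(set)   # child pid -> hollowing steps observed so far
    findings = []
    for pid, api, kv in events:
        if api.startswith("CreateProcess") and "flags" in kv and "child" in kv:
            if int(kv["flags"], 16) & CREATE_SUSPENDED:
                suspended[int(kv["child"])] = pid
        elif api in HOLLOW_STEPS:
            target = int(kv.get("pid", pid))
            if suspended.get(target) == pid:
                seen[target].add(api)
                if api == "ResumeThread" and seen[target] == set(HOLLOW_STEPS):
                    findings.append((pid, target))
    return findings


def lone_setthreadcontext(events) -> list:
    """Caller pids that use SetThreadContext outside any detected hollowing chain."""
    hollowers = {caller for caller, _ in find_hollowing(events)}
    return sorted({pid for pid, api, _ in events
                   if api == "SetThreadContext" and pid not in hollowers})


if __name__ == "__main__":
    evts = parse_trace(TRACE)
    print("process hollowing:", find_hollowing(evts))                 # [(100, 200)]
    print("uncorrelated SetThreadContext:", lone_setthreadcontext(evts))  # [300]
```

The point of requiring the same caller for the suspended CreateProcess and the later writes is to keep a debugger that attaches to an already-running process from matching; the remaining uncorrelated SetThreadContext calls are still returned so a reviewer can triage them with less urgency.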