General
-
Target
59789099526a83177922e7375f8b3265_JaffaCakes118
-
Size
55KB
-
Sample
240718-25jkzs1fkm
-
MD5
59789099526a83177922e7375f8b3265
-
SHA1
a0bfc1cb2c81e4fdb92ee26bf2ce8ca765f431eb
-
SHA256
88c2a0ad63b898e81109bc0eae0b9c419b572377587d3e2b870f62fd97181fc9
-
SHA512
dbd6a64466d57edb266490167ba82931d4b5c0b04f9fc83c9d50a0d1e263373126de954a8bff74d0e806691cc99b804fc931a410b2756db3eb2bae9b727e6e2d
-
SSDEEP
768:USRcEMPG+0Ux/vM/kr01X/bhM8G0g1++Q/dmTw8mZgG8GkMbxJtluybzRKZ:/XS0Uxvckr05b2/0inkcggDGPZVKZ
Static task
static1
Behavioral task
behavioral1
Sample
59789099526a83177922e7375f8b3265_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
59789099526a83177922e7375f8b3265_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
3m3m3m3m.no-ip.info
Targets
-
-
Target
59789099526a83177922e7375f8b3265_JaffaCakes118
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-