General
-
Target
5982b55d30166329d2d4105b49d658e0_JaffaCakes118
-
Size
184KB
-
Sample
240718-3czbeavcpa
-
MD5
5982b55d30166329d2d4105b49d658e0
-
SHA1
32e25ff7dc6885cce1ae8c1d722dc3cb2d4cb7af
-
SHA256
556acd1eb7c7b2d088753fd493567070fefa5fb82873a94a872c16bd4ff06bac
-
SHA512
b55889795ca599ecef0774bf9ddde95817ef8994191043788ad954a467761746aef6aea94505011729510e2853e00ec05799ca3a91e2ac8a2f292c19a639cb89
-
SSDEEP
3072:WUefp08PSp//mqrlyQouF96HM0XUGXU2Fo21364EoiJeeI+StSqYLj8MfseRkAE7:WJfy8KhFpnVW5GJZ2tNYLj8MfsKsX43c
Static task
static1
Behavioral task
behavioral1
Sample
5982b55d30166329d2d4105b49d658e0_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5982b55d30166329d2d4105b49d658e0_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
123boof.no-ip.org
Targets
-
-
Target
5982b55d30166329d2d4105b49d658e0_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-