General
Target: 5843a5a9972869ae244e0f94624842c1_JaffaCakes118
Size: 956KB
Sample ID: 240718-vef9lsxfqk
MD5: 5843a5a9972869ae244e0f94624842c1
SHA1: 4c3e35757ad34fcc3a4a15901235cdf3086ec524
SHA256: 4fabbcaf141afb09f68b991f54e215ec35b1a4116444d066ec22c436bfb9d8cf
SHA512: e16607a97cfaee24d459cd2602cf4cb95810e7b3bc14568523c0537cfc4c79ddb502f7e4225890f7aa12fc8211cfef27a4fc0cd5fb2280315ada6ee9a9449092
SSDEEP: 6144:fQXBlM0IraBCDorABav1WaoiAdraBCDoAc769/c:4xO0IraBX9WrraByc769k
Static task: static1
Behavioral task behavioral1: sample 5843a5a9972869ae244e0f94624842c1_JaffaCakes118.exe, resource win7-20240705-en
Behavioral task behavioral2: sample 5843a5a9972869ae244e0f94624842c1_JaffaCakes118.exe, resource win10v2004-20240709-en
Malware Config
Extracted family: xtremerat
C2 host: wer99.no-ip.org (a No-IP dynamic DNS name, so the resolved address can change between runs; pivot on the hostname, not the IP)
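As an added example that is not part of the sandbox report, the following Python triage script matches the indicators above against telemetry: DNS query lines get an exact or subdomain match against the C2 host and a weaker flag for other dynamic-DNS lookups, and files pulled from an endpoint are hashed and compared with the report's digests. Only the hashes and the C2 hostname come from the report; the DNS log lines, client addresses and the dynamic-DNS suffixes other than no-ip.org are constructed assumptions.

```python
"""Match this report's indicators against endpoint and DNS telemetry.

Added example, not part of the sandbox report. Only the hashes and the C2
hostname come from the report; the DNS log lines, client addresses and the
extra dynamic-DNS suffixes are constructed assumptions.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators taken from the report.
SAMPLE_HASHES = {
    "md5": "5843a5a9972869ae244e0f94624842c1",
    "sha1": "4c3e35757ad34fcc3a4a15901235cdf3086ec524",
    "sha256": "4fabbcaf141afb09f68b991f54e215ec35b1a4116444d066ec22c436bfb9d8cf",
}
C2_HOST = "wer99.no-ip.org"
# Assumed list of dynamic-DNS suffixes. A lookup under one of these is a weak
# signal to correlate, not proof of compromise; no-ip.org is the one the
# report's C2 actually uses.
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "ddns.net", "hopto.org")


def normalize_host(name: str) -> str:
    """Lower-case and strip the trailing dot so 'WER99.NO-IP.ORG.' matches."""
    return name.strip().rstrip(".").lower()


def classify_query(qname: str) -> Optional[str]:
    """'c2' for the C2 host or a subdomain of it, 'dyndns' for any other
    name under a dynamic-DNS provider, None otherwise."""
    host = normalize_host(qname)
    if host == C2_HOST or host.endswith("." + C2_HOST):
        return "c2"
    if any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES):
        return "dyndns"
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Parse '<timestamp> <client> <qname>' lines; return (ts, client, host,
    verdict) for every line that matched. Malformed lines are skipped."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        verdict = classify_query(parts[2])
        if verdict:
            hits.append((parts[0], parts[1], normalize_host(parts[2]), verdict))
    return hits


def _digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all three hash objects in one pass."""
    hs = {alg: hashlib.new(alg) for alg in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hs.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of an in-memory buffer (e.g. a quarantined file body)."""
    return _digests([data])


def hash_file(path: str) -> Dict[str, str]:
    """Same digests, streamed from disk so large files are not read at once."""
    with open(path, "rb") as f:
        return _digests(iter(lambda: f.read(1 << 20), b""))


def matches_sample(hashes: Dict[str, str]) -> bool:
    """True if any supplied digest equals the report's value for that
    algorithm. Case-insensitive because tools disagree on hex case."""
    return any(hashes.get(alg, "").lower() == v for alg, v in SAMPLE_HASHES.items())


# Constructed DNS log; not real telemetry.
DNS_LOG = [
    "2024-07-18T10:01:02Z 10.0.0.5 WER99.NO-IP.ORG.",
    "2024-07-18T10:01:03Z 10.0.0.5 update.microsoft.com",
    "2024-07-18T10:02:10Z 10.0.0.7 cam1.ddns.net",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(DNS_LOG):
        print(hit)
    print(matches_sample(hash_bytes(b"not the sample")))
```

The C2 check treats subdomains as hits because RAT builders often rotate hostnames under the same registered dynamic-DNS name; the provider-suffix check is deliberately reported with a different verdict so it can be triaged separately rather than paged on.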
Targets
Target: 5843a5a9972869ae244e0f94624842c1_JaffaCakes118
Size: 956KB
MD5: 5843a5a9972869ae244e0f94624842c1
SHA1: 4c3e35757ad34fcc3a4a15901235cdf3086ec524
SHA256: 4fabbcaf141afb09f68b991f54e215ec35b1a4116444d066ec22c436bfb9d8cf
SHA512: e16607a97cfaee24d459cd2602cf4cb95810e7b3bc14568523c0537cfc4c79ddb502f7e4225890f7aa12fc8211cfef27a4fc0cd5fb2280315ada6ee9a9449092
SSDEEP: 6144:fQXBlM0IraBCDorABav1WaoiAdraBCDoAc769/c:4xO0IraBX9WrraByc769k
Score: 10/10

Signatures
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Boot or Logon Autostart Execution: Active Setup (T1547.014). Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup runs the StubPath command of each component under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID} in the context of a user at logon, whenever that component is missing or has a lower Version under the user's HKCU copy of the key, so a single HKLM write executes once for every user who logs on.
Adds Run key to start application
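As an added example that is not part of the report, the following Python triage script covers the two persistence signatures above, Active Setup StubPath values and Run-key values. It parses the text format produced by `reg query <key> /s` on Windows and flags entries whose program lives in a user-writable location, which is where a dropped RAT binary usually sits. The dump, its GUIDs, paths and the user-writable prefix list are constructed assumptions; the parsing and classification logic is generic.

```python
"""Triage Active Setup and Run-key autostart entries from a registry dump.

Added example, not from the report. The dump below is constructed: run
  reg query "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /s
  reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /s
on a suspect host and feed the saved output to triage_dump() instead.
"""
import re
from typing import Iterator, List, Tuple

# Assumed prefixes of locations a normal user can write to; legitimate
# autostarts rarely live here, dropped payloads usually do.
USER_WRITABLE_PREFIXES = (
    "%appdata%", "%localappdata%", "%temp%", "%tmp%", "%userprofile%",
    "%programdata%", "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
)
ACTIVE_SETUP = "\\active setup\\installed components\\"
RUN_KEY = "\\currentversion\\run"

KEY_RE = re.compile(r"^(HKEY_[A-Z_]+\\.*)$")
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")


def parse_reg_query(text: str) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (key, value_name, type, data) for every value in the dump.
    Key lines start at column 0 with HKEY_; value lines are indented."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()


def command_to_exe(command: str) -> str:
    """Pull the program out of a command line: a quoted path, else the
    first token. Arguments such as '/s /n' are discarded."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def classify_exe(exe: str) -> str:
    """Verdict for one program path."""
    low = exe.lower()
    if any(low.startswith(p) for p in USER_WRITABLE_PREFIXES):
        return "suspicious: executable in a user-writable location"
    if "\\" not in low:
        return "review: bare name resolved via search order"
    return "ok"


def triage_dump(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (key, value_name, exe, verdict) for every autostart entry:
    StubPath values under Active Setup, and every value under Run/RunOnce."""
    findings = []
    for key, name, _typ, data in parse_reg_query(text):
        k = key.lower()
        is_active_setup = ACTIVE_SETUP in k and name.lower() == "stubpath"
        is_run = k.endswith(RUN_KEY) or k.endswith(RUN_KEY + "once")
        if not (is_active_setup or is_run):
            continue
        exe = command_to_exe(data)
        findings.append((key, name, exe, classify_exe(exe)))
    return findings


# Constructed dump in reg query format; GUIDs and paths are illustrative.
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    (Default)    REG_SZ    Windows Desktop Update
    StubPath    REG_EXPAND_SZ    regsvr32.exe /s /n /i:U shell32.dll
    Version    REG_SZ    48,0,0,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DEADBEEF-0000-0000-0000-000000000000}
    StubPath    REG_SZ    C:\Users\victim\AppData\Roaming\svchost.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\victim\AppData\Local\Temp\server.exe
"""

if __name__ == "__main__":
    for finding in triage_dump(SAMPLE_DUMP):
        print(finding)
```

Bare program names (the regsvr32.exe case) are reported for review rather than cleared, because they resolve through the process search order and a same-named binary placed earlier in that order would run instead; confirm the resolved file on the host before dismissing them.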
Suspicious use of SetThreadContext. This API rewrites the register state of another thread; outside debuggers it is most often seen as the final step of process hollowing, where a suspended child process is pointed at an injected entry point before ResumeThread.