General
- Target: 584b41f0fee8949c6c84f24de0941797_JaffaCakes118
- Size: 360KB
- Sample: 240718-vklfhs1dmd
- MD5: 584b41f0fee8949c6c84f24de0941797
- SHA1: 48a9fd4e651a72c05eacb8f2db2991081d154c6c
- SHA256: a0745290d0606da8b5099cb4c17565481792538a75ccfbbf36021b720985615d
- SHA512: 2fdaf0de3c86660fd7b4ed35fcb0b134170093c0b9f4cfc88e9611ddcb127be9cba80af13096bb93c8bb5c19646624440d9f6a2e5d0b8088310fad416a3cde48
- SSDEEP: 6144:3qUA2Hcyjx0BPzpJhZw7gn5KGgPhsnVW5GJZ2tNYLj8MfsnfK5ysOzo:3AmKBPzpJhAgnAzSVzYKj86swg8
Static task: static1
Behavioral task: behavioral1
- Sample: 584b41f0fee8949c6c84f24de0941797_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 584b41f0fee8949c6c84f24de0941797_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
- Extracted (xtremerat): cescmouad.zapto.org
Targets
- Target: 584b41f0fee8949c6c84f24de0941797_JaffaCakes118 (size and hashes as listed under General)
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT, written in Delphi, was developed by xtremecoder and has been available since at least 2010.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext