General
Target: 58842e46169d203b2767fe250ce19096_JaffaCakes118
Size: 101KB
Sample: 240718-wtnsnszgmp
MD5: 58842e46169d203b2767fe250ce19096
SHA1: e2eef12504b892a7e19707c3d56ba161e0eea5dd
SHA256: 3b6a3c7bf096024788126d7b614de9c63d35770b9b9259448bacd17f0afe7978
SHA512: 5ea65e16b8b69d9792d98c5a3d1ac293b5de1b0379d1a22db2b90981ca6ae5dbd93d6ff1877639c1a641bf2bf5cdf7c0b5b2d905479fe972c9ef1eea6bd7db49
SSDEEP: 1536:h7G6BX7Jt+CxukQqkc0361QBI2kWT2jYOUk5KdWpYJyTghZvj:h7Gad8CxukQqt0361Qy28CbUeyQ
Static task: static1
Behavioral task: behavioral1
Sample: 58842e46169d203b2767fe250ce19096_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 58842e46169d203b2767fe250ce19096_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted family: xtremerat
C2 hosts:
- black100.no-ip.biz
- cantstop.no-ip.biz
Targets
Target: 58842e46169d203b2767fe250ce19096_JaffaCakes118
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of SetThreadContext