General
Target: 59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118
Size: 812KB
Sample: 240719-bl1gaayfja
MD5: 59dd98bab0a9838f1122d21021d9bb86
SHA1: 6c0640892eb738b868225c1d0b96fdbc390782ae
SHA256: f9adc4f7e8e13e652e9a31525c191903d5efe9b0deb91caf715548e59898c216
SHA512: 7dc256bfe77af2a597ef77504d8689c48b7cb1562e5867c37d03f0689642787abbd2850e19202568f475c865f917c327db01abbbbb0b4bf3b8a2f60fb383ccc2
SSDEEP: 3072:k6ihx8eTdl+fy2UcKpSDUE/ctuTr0IWsgZ7TG6aZkBrl/PsWy0DRIsFcQASX7+O0:Ce2D68wVn6A8Y8sD
Static task: static1
Behavioral task: behavioral1
  Sample: 59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 59dd98bab0a9838f1122d21021d9bb86_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext