General
- Target: 5a20504cee20faa9b49cc17601a028f5_JaffaCakes118
- Size: 111KB
- Sample: 240719-c49y4ssbla
- MD5: 5a20504cee20faa9b49cc17601a028f5
- SHA1: f542fc73657ffd41ac5958e84a07115bf336c6d3
- SHA256: 7b549fb19246fd999a7781dd854b9a4325adcac1bb158b9043519a0cebaffd10
- SHA512: 2a22fc88da4b963c06b9ed0561cf42cd8935581e7a31857aaa806bd02d10d1791e155014e58576a0db227e8090578ca50765d8cc4b10a802205eb50494afdddc
- SSDEEP: 1536:gZW7LhSyuZh5IZpScr01+ga3XVMWB9fMcqhyLFkr/nyTkBXQmbUmb6:gkLcoScg1banKdBkZkr/nfBXQqUW6
Static task: static1

Behavioral task: behavioral1
- Sample: 5a20504cee20faa9b49cc17601a028f5_JaffaCakes118.exe
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: 5a20504cee20faa9b49cc17601a028f5_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config

Targets
- Target: 5a20504cee20faa9b49cc17601a028f5_JaffaCakes118
- Size: 111KB
- MD5: 5a20504cee20faa9b49cc17601a028f5
- SHA1: f542fc73657ffd41ac5958e84a07115bf336c6d3
- SHA256: 7b549fb19246fd999a7781dd854b9a4325adcac1bb158b9043519a0cebaffd10
- SHA512: 2a22fc88da4b963c06b9ed0561cf42cd8935581e7a31857aaa806bd02d10d1791e155014e58576a0db227e8090578ca50765d8cc4b10a802205eb50494afdddc
- SSDEEP: 1536:gZW7LhSyuZh5IZpScr01+ga3XVMWB9fMcqhyLFkr/nyTkBXQmbUmb6:gkLcoScg1banKdBkZkr/nfBXQqUW6
Score: 10/10

Signatures
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext