General
Target: 5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118
Size: 175KB
Sample: 240719-ckq2wsxgqj
MD5: 5a0b097f17aa4e0c0328c28c504c2e0f
SHA1: 5a443bbbf78ca80e781cdb0ee85bbb14f394881b
SHA256: c70b11772cad5d43482ce1cdb5309d0e9b7ce9ffb6a34be4d9ba3d9a0952c2ac
SHA512: 775a3acb5c473439ae94568f10aa04ca9ae44cc3d6225a9105067884f0a5f5c5e7207eb303fb9a6d2ff49395226db40a82cbe1c61527284cac9f2c263323c72b
SSDEEP: 1536:G7YH8A8VNm8GG88gm6g7UJW1vGA4VCKTIe1dgHOwU:R2VNmbG886g7MW1vYrIEd4PU
Static task: static1
Behavioral task: behavioral1
Sample: 5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
xtremerat
raoufskull.no-ip.org
Targets
Target: 5a0b097f17aa4e0c0328c28c504c2e0f_JaffaCakes118
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Suspicious use of SetThreadContext