General
-
Target
5a30802dd3eb72136c26162acf898260_JaffaCakes118
-
Size
508KB
-
Sample
240719-deebkssfpc
-
MD5
5a30802dd3eb72136c26162acf898260
-
SHA1
07493a952d2bc2f746af92027e5f360db53b2efb
-
SHA256
899252cbedae448aae9211f74f19f78ba6737e3d55ab606308ed81f8fe58cd03
-
SHA512
ebecc4af58db4a5e4e5f95fdc8b040b1bbc63692931649f3422361a998458a953412e46bd6ae20bd7de093188ba23ab4123e099587488519ed0882d0dc304829
-
SSDEEP
6144:gF1AFJKPQOPOY36TpfgSfLJM4R/Ai3lVZD04o:+jIOGd5NAwlfBo
Static task
static1
Behavioral task
behavioral1
Sample
5a30802dd3eb72136c26162acf898260_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5a30802dd3eb72136c26162acf898260_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
xtremerat
shakur2.dyndns.biz
Targets
-
-
Target
5a30802dd3eb72136c26162acf898260_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Suspicious use of SetThreadContext
-