General
Target: 5a9ce2a8c2354f081dc91d59b9e07681_JaffaCakes118
Size: 132KB
Sample: 240719-fzzjcsvajj
MD5: 5a9ce2a8c2354f081dc91d59b9e07681
SHA1: 900ca8e22f4f5e9786b698dc1bfc7216403fd697
SHA256: 37e60d9d46f34797ada59d45fb51b3030790ec4934f17893544e465b5185ba11
SHA512: d4abbbf5c10fc2414b0bc0f5de9b59c3f0efa0c90ffb22e7bedc37781600fd7e80ba9e3e30adce7bae417403ffcf5cfc00b326eece9a6a727b0c24692d69ec8e
SSDEEP: 3072:jQqf2UjjM3BqWjGU/P6yio/03KutlSSKMm:jrf2U/wCyiihvT
Static task: static1
Behavioral task: behavioral1
  Sample: 5a9ce2a8c2354f081dc91d59b9e07681_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5a9ce2a8c2354f081dc91d59b9e07681_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: xtremerat
C2: wer99.no-ip.org
Targets
Target: 5a9ce2a8c2354f081dc91d59b9e07681_JaffaCakes118
Size: 132KB
MD5: 5a9ce2a8c2354f081dc91d59b9e07681
SHA1: 900ca8e22f4f5e9786b698dc1bfc7216403fd697
SHA256: 37e60d9d46f34797ada59d45fb51b3030790ec4934f17893544e465b5185ba11
SHA512: d4abbbf5c10fc2414b0bc0f5de9b59c3f0efa0c90ffb22e7bedc37781600fd7e80ba9e3e30adce7bae417403ffcf5cfc00b326eece9a6a727b0c24692d69ec8e
SSDEEP: 3072:jQqf2UjjM3BqWjGU/P6yio/03KutlSSKMm:jrf2U/wCyiihvT
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext