General
Target: 60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118
Size: 380KB
Sample: 240720-2c2wvszdmr
MD5: 60385c92c7ff0da85b1d9bb132f4f762
SHA1: 9e7c93e199ae10e26efa825b13decbec44739475
SHA256: 8ca0952d352e03182a75d0f4b26228f3baa11482f52d13a16981533be4b4ea5b
SHA512: 178adaab7088424bf9c4dc5e10b150e495a3aa9fb48fe09be7f55ed58e9f4da02c85eb5e2ae1efc648d2e8a9a28b44d2992d19e4630bf6d2342023ae19f8bb80
SSDEEP: 3072:OxB4WlsyapE3C1u+h7xbz0YO5mAsmhmUSIIYD97KB/41/9gUTl3:GB4Q+XbYhmAsmDJblI/4P
Static task: static1
Behavioral task: behavioral1
  Sample: 60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted family: xtremerat
Extracted host: lover810.zapto.org (the callback address recovered from the sample's embedded configuration; zapto.org is a No-IP dynamic DNS domain, so the host resolves to whatever IP the operator last registered, and the IP alone is a weak indicator)
Targets
Target: 60385c92c7ff0da85b1d9bb132f4f762_JaffaCakes118
Score: 10/10

Signatures
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi. The family-specific extractor is what recovered the callback host listed under Malware Config above.
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ on the local machine. The command in that key's StubPath value is run by explorer.exe at each user's next logon, before the desktop appears, whenever the HKCU copy of the component is missing or carries an older version.
Adds Run key to start application
A value under a ...\Microsoft\Windows\CurrentVersion\Run key launches the application at every logon, for the current user (HKCU) or every user (HKLM) depending on the hive.
Suspicious use of SetThreadContext
SetThreadContext rewrites a suspended thread's registers, including its instruction pointer. Outside debuggers it is mostly seen in process hollowing and other code-injection techniques, where a legitimate process is started suspended, its image replaced, and its main thread pointed at the injected code before it is resumed.
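The two persistence signatures above (Active Setup StubPath and a Run-key value) are cheap to check on a suspect host. The following is an added example, not part of the sandbox report or of the sample's behaviour: it parses the text of a `reg export` file and flags persistence entries whose executable lives outside the Windows or Program Files directories, or whose filename impersonates a core system binary. The embedded .reg export is constructed for the example; its GUIDs, user name and paths are placeholders, not indicators taken from this sample.

```python
"""Flag suspicious Active Setup and Run-key persistence entries in a .reg export.

Added example; the registry data below is constructed and the paths are hypothetical.
"""
import re

# Directories where autostart executables are expected to live (lower-case, no trailing slash).
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")

# Names that malware commonly borrows; legitimate copies live only under C:\Windows.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Constructed export: one benign Active Setup entry, one malicious one, one benign and one
# suspicious Run value. GUIDs and paths are placeholders, not taken from the analysed sample.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="%SystemRoot%\\System32\\unregmp2.exe /ShowWMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}]
@="Windows Update Helper"
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe restart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"HKCU"="C:\\Users\\victim\\AppData\\Roaming\\InstallDir\\server.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
_EXT_RE = re.compile(r"^(.+?\.(?:exe|dll|cmd|bat|vbs|js|scr|ps1))(?=\s|$)", re.IGNORECASE)


def _unescape(s):
    """Undo .reg string escaping: \\" -> " and \\\\ -> \\ (in that order)."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Yield (key_path, value_name, string_value) for every REG_SZ value in a .reg export."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(2) else _unescape(m.group(1))
            rhs = m.group(3)
            if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':  # only string values
                yield current, name, _unescape(rhs[1:-1])


def executable_from_command(cmd):
    """Return the program part of a command line (quoted path, or path up to a known extension)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXT_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def _normalize(path):
    """Lower-case the path and expand the environment variables that commonly appear in StubPath."""
    p = path.strip().lower()
    for var, root in (("%systemroot%", "c:\\windows"), ("%windir%", "c:\\windows"),
                      ("%programfiles%", "c:\\program files")):
        p = p.replace(var, root)
    return p


def is_trusted_location(path):
    p = _normalize(path)
    return any(p == root or p.startswith(root + "\\") for root in TRUSTED_ROOTS)


def find_persistence_findings(reg_text):
    """Return a list of suspicious Active Setup StubPath and Run-key entries, in file order."""
    findings = []
    for key, name, value in parse_reg_export(reg_text):
        k = key.lower()
        if "\\active setup\\installed components\\" in k:
            if name.lower() != "stubpath":
                continue  # only StubPath is executed at logon
            location = "Active Setup StubPath"
        elif k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
            location = "Run key"
        else:
            continue
        exe = executable_from_command(value)
        reasons = []
        if not is_trusted_location(exe):
            reasons.append("executable outside Windows/Program Files")
        base = _normalize(exe).rsplit("\\", 1)[-1]
        if base in SYSTEM_BINARY_NAMES and not _normalize(exe).startswith("c:\\windows\\"):
            reasons.append(f"{base} masquerades as a system binary")
        if reasons:
            findings.append({"location": location, "key": key, "value_name": name,
                             "command": value, "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_persistence_findings(SAMPLE_REG_EXPORT):
        print(f"[{f['location']}] {f['key']}\\{f['value_name']}")
        print(f"    {f['command']}\n    -> {'; '.join(f['reasons'])}")
```

On a live host, export the two locations with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" as.reg` and `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (plus the HKLM Run key and the WOW6432Node copies on 64-bit systems) and feed the files to `find_persistence_findings`. The location check is deliberately coarse; a RAT that drops into Program Files will pass it, so treat the output as a triage shortlist rather than a verdict.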