General
Target: 5f8892d7d84773f3c53187e2737df189_JaffaCakes118
Size: 188KB
Sample: 240720-h458tasapm
MD5: 5f8892d7d84773f3c53187e2737df189
SHA1: f0024dc0a59afb0929a96f1ff8f8b6c9b166dbeb
SHA256: 1cc1e551908272f70fc40bdfa035df3c546a8495c84cd55c2ed1e64579da39c9
SHA512: 0de13eb614ff96a22079a394fc65db4b6f9df6517130a8fa18fac2c526702c58953a0ce32a2b51d32d5fb1e42acb54c3a1f7612622eefe05c420fcd28849a9c6
SSDEEP: 3072:mNw+O2cVvUGZ76l/sIz/fnCfQU8b17KDCmPeiAxOfJFc5OoVuwYJ6ZgCkojWj1yc:v+OjVjul/l/fCfiJ7SPeiqguruNJZzoC
Static task: static1
Behavioral task: behavioral1
  Sample: 5f8892d7d84773f3c53187e2737df189_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5f8892d7d84773f3c53187e2737df189_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 5f8892d7d84773f3c53187e2737df189_JaffaCakes118
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Disables Task Manager via registry modification
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext