General
Target: 5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118
Size: 1.2MB
Sample: 240720-h72psssbqq
MD5: 5f8d26f0396705c60b28f0bcc7d0fb5f
SHA1: 7b7c6f70b8bf3f9892add1511cdc8d20ed20dc8f
SHA256: 5382c50d3123845d623994107fbac2a4830f7d78130940155324ca1b1222d940
SHA512: a5b1940fc97e4017ed796ad3df869782c4956f613beb493773a443492c8e496997352a440e836c1900d936a4c21bc58b216826921e1ee57c20a0f197694945d5
SSDEEP: 24576:Xa/ndP+SOUFJgfnkEgSvW0gx00WdxoSAXEfF:Q8SO1fkEd22F
Static task: static1
Behavioral task: behavioral1
  Sample: 5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
daimoom3.zapto.org
Targets
Target: 5f8d26f0396705c60b28f0bcc7d0fb5f_JaffaCakes118
Size: 1.2MB
MD5: 5f8d26f0396705c60b28f0bcc7d0fb5f
SHA1: 7b7c6f70b8bf3f9892add1511cdc8d20ed20dc8f
SHA256: 5382c50d3123845d623994107fbac2a4830f7d78130940155324ca1b1222d940
SHA512: a5b1940fc97e4017ed796ad3df869782c4956f613beb493773a443492c8e496997352a440e836c1900d936a4c21bc58b216826921e1ee57c20a0f197694945d5
SSDEEP: 24576:Xa/ndP+SOUFJgfnkEgSvW0gx00WdxoSAXEfF:Q8SO1fkEd22F
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext