General
- Target: 600bcafe6368257513bdfbb0dc8ca86d_JaffaCakes118
- Size: 162KB
- Sample: 240720-l5flbs1cka
- MD5: 600bcafe6368257513bdfbb0dc8ca86d
- SHA1: c25a44731110c05d2d0836653bf8665267951d8c
- SHA256: fb8730b23b3a9fbc11cab57b3371893fe191807b9f7b3deab70987d4940b0c66
- SHA512: dfa5d44941d1f5690e9032b1bb151bf8755ad24bd1cc8523bc3dd9e8fd712f5f45915aaaa2b7d7bd02aa822222eb0a3a5b4afff5baf798680d4a589874c39587
- SSDEEP: 3072:rsvu7KXKJn26Vkc0yz8gXSOX7L/xDgR0Jj4Pzrc77OWw8x8cf:IvAqKJn26WPyzz//xDgR0Ic769/c
Static task
- static1

Behavioral task
- behavioral1
- Sample: 600bcafe6368257513bdfbb0dc8ca86d_JaffaCakes118.exe
- Resource: win7-20240705-en

Behavioral task
- behavioral2
- Sample: 600bcafe6368257513bdfbb0dc8ca86d_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Family: xtremerat
- C2: lover810.zapto.org
Targets
- Target: 600bcafe6368257513bdfbb0dc8ca86d_JaffaCakes118 (162KB; hashes as listed under General above)
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext