General
Target: 5fe939b56f4ee50a4e2212a24a153a65_JaffaCakes118
Size: 201KB
Sample: 240720-lcnfgazblh
MD5: 5fe939b56f4ee50a4e2212a24a153a65
SHA1: c780193685cbd16dc44545aa6a0ed6be4df41382
SHA256: c3f9339ffa97cecb7bea9077bf11ffb9b248d2c84844b23012eee77fb3d5147b
SHA512: 01de2672255afbe52eda3f6a26fd90e6848316dd9f9dc0a7e2b7e2fa4f4d9a4ba84a615e5337b2123d718d8a17a681f06c309c15268d75ac57b4ceb7a5f842c2
SSDEEP: 6144:EjQCNj0nVW5GJZ2tNYLj8Mfs+ZAsawPo:EjQCNoVzYKj86s+ZAs
Static task: static1
Behavioral task: behavioral1
  Sample: 5fe939b56f4ee50a4e2212a24a153a65_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5fe939b56f4ee50a4e2212a24a153a65_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted (xtremerat): sareey.no-ip.biz
Targets
Target: 5fe939b56f4ee50a4e2212a24a153a65_JaffaCakes118
Size: 201KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext