General
-
Target
6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118
-
Size
170KB
-
Sample
240720-mc639axfpn
-
MD5
6017ffd3d9f1384de87181a6188dfc8f
-
SHA1
42a91366eb0690d8a75fa85ba7014c396bae96ca
-
SHA256
6694b408ab6915f466aec0b4d3c5a3cac1ba415b60f4b8f5622b5500d551dbb1
-
SHA512
dfa4c4c2483327d51ae3895c468ee0a876e8eb233829040910a284be91e420f3134b3d51a692104f8b26c77a861cd7d096c8a6810199cf64c777a17553f43d5c
-
SSDEEP
3072:TKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:TKE5IIL7JnYRUTV5nLrQLulIGsZ
Static task
static1
Behavioral task
behavioral1
Sample
6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
6017ffd3d9f1384de87181a6188dfc8f_JaffaCakes118
-
Size
170KB
-
MD5
6017ffd3d9f1384de87181a6188dfc8f
-
SHA1
42a91366eb0690d8a75fa85ba7014c396bae96ca
-
SHA256
6694b408ab6915f466aec0b4d3c5a3cac1ba415b60f4b8f5622b5500d551dbb1
-
SHA512
dfa4c4c2483327d51ae3895c468ee0a876e8eb233829040910a284be91e420f3134b3d51a692104f8b26c77a861cd7d096c8a6810199cf64c777a17553f43d5c
-
SSDEEP
3072:TKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:TKE5IIL7JnYRUTV5nLrQLulIGsZ
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-