General
Target: 619f9d731ca2f8fb6fa1222c25b29b33_JaffaCakes118
Size: 257KB
Sample: 240721-181g8sxepf
MD5: 619f9d731ca2f8fb6fa1222c25b29b33
SHA1: 8bd7e0bf2a509a646ed8d8b52280369733436b78
SHA256: cdd357c09d51b39754f75e63591f7cd0a7d0156c67e873bf5a4a980056a4e0b9
SHA512: a2f5a0b13da794b113e056952cd9a9ce0059ebeed369eca8b5d6d3b076c5b55a5f8e4b7374cc69bcd67b046e2bb5a1c7733b9a4b977cd2fc01371509dacd726f
SSDEEP: 6144:/SncRlvm8141en6mfFN2WfEjI75nuWDQbj:64g8141w6mNN7fn5nPm
Static task: static1
Behavioral task: behavioral1
  Sample: 619f9d731ca2f8fb6fa1222c25b29b33_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 619f9d731ca2f8fb6fa1222c25b29b33_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
  da3sat.no-ip.biz
Targets
Target: 619f9d731ca2f8fb6fa1222c25b29b33_JaffaCakes118
Size: 257KB
MD5: 619f9d731ca2f8fb6fa1222c25b29b33
SHA1: 8bd7e0bf2a509a646ed8d8b52280369733436b78
SHA256: cdd357c09d51b39754f75e63591f7cd0a7d0156c67e873bf5a4a980056a4e0b9
SHA512: a2f5a0b13da794b113e056952cd9a9ce0059ebeed369eca8b5d6d3b076c5b55a5f8e4b7374cc69bcd67b046e2bb5a1c7733b9a4b977cd2fc01371509dacd726f
SSDEEP: 6144:/SncRlvm8141en6mfFN2WfEjI75nuWDQbj:64g8141w6mNN7fn5nPm
Score: 10/10
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext