General
Target: 61d9cf6a21f396dade366e52db64d783_JaffaCakes118
Size: 676KB
Sample: 240721-3eed1ssenr
MD5: 61d9cf6a21f396dade366e52db64d783
SHA1: 7083231e68fc487926d53fe4273c63b429bdd8ee
SHA256: 2dbda3b5dbdcc257ab708d772a85a44a7359f81499eb28a09ca727a8be6cf1b7
SHA512: 9cabb7ab036da1de093b8d0e3f2f4d70d9070f1387f45dbdec413726fc5da587ead7c74a3b112ed581b1b9ae4f89504c03ab0cecd76e667febcb3fd7f629d122
SSDEEP: 12288:5Y2xVO8qkMmXCT9oied1+YKrBQbWvt4UWhlmvLi:WLi
Static task: static1
Behavioral task: behavioral1
  Sample: 61d9cf6a21f396dade366e52db64d783_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 61d9cf6a21f396dade366e52db64d783_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
rabah1627.zapto.org
Targets
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext