General
- Target: 60a0719e80b7d2dfd55f6a7bb7e8b287_JaffaCakes118
- Size: 44KB
- Sample: 240721-qa5zysterj
- MD5: 60a0719e80b7d2dfd55f6a7bb7e8b287
- SHA1: a22651f3e5c16cd9608958527bf4d081749ec18d
- SHA256: c26742c22e08f46153f5f821555816e36c3657e8b1ff38d9f432422d4f9a72f6
- SHA512: c9bd8f501bd24127f643c24db27f928253aa93d72d4db5c264c36110bb950a55e49573a3747172515dbcdcb8cadd4f883253f2fd58ef0fcfb0b3cfe16714f968
- SSDEEP: 768:rBr+tjFqTPkAlfztB1lr6an3smTA8uvm2HfOTwYPI0czo9a:FyRUHlrL1lr6an3TLuvm2/uQNo9a
Behavioral task: behavioral1
- Sample: 60a0719e80b7d2dfd55f6a7bb7e8b287_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: 60a0719e80b7d2dfd55f6a7bb7e8b287_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Family: xtremerat
- C2: alajmi1992.zapto.org
Targets
- Target: 60a0719e80b7d2dfd55f6a7bb7e8b287_JaffaCakes118
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory