General
Target
60ab9462c29fdf1a9a6567af33eeedf1_JaffaCakes118
Size
1008KB
Sample
240721-qtzbhssdqc
MD5
60ab9462c29fdf1a9a6567af33eeedf1
SHA1
b594cb8a4e908113f431025d8d41d92711777e20
SHA256
6273eac22f07ddf6ba10e2a8cb14850abd082f085c1ff003922d632dcb4b0c93
SHA512
2a3549b5d118e4c050d16f0fdb123a34b87b4a0804b9f0f18b2f5703a60eb50ada03cb30e0c71dda9a0bf25f6de5d76879db65727faeee509d568416d3776610
SSDEEP
6144:49yXytgk9yXytgrDvLrDvLyKimnKmn4n+nO9yXytgk9yXytgrDvLrDvLyKimnKmR:2JgvLPvLSvB+EJgvLPvLSvB+DeUjvLC
Static task
static1
Behavioral task
behavioral1
Sample
60ab9462c29fdf1a9a6567af33eeedf1_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
60ab9462c29fdf1a9a6567af33eeedf1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
kinh0.no-ip.org
kinh1.no-ip.info
Targets
Target
60ab9462c29fdf1a9a6567af33eeedf1_JaffaCakes118
Score
10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder and is written in Delphi; it has been available since at least 2010.
Suspicious use of SetThreadContext