General
-
Target
60ace43e0e465643592501a6a5484c85_JaffaCakes118
-
Size
94KB
-
Sample
240721-qwjc3svblq
-
MD5
60ace43e0e465643592501a6a5484c85
-
SHA1
a4be2574cae7ced42eeb4ac824808c41ab721a1d
-
SHA256
62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0
-
SHA512
87e8da5444608924e3de3f41ffe846791f9982ef077608a3c59764812b4f98d808bac88070bf93ec97f00eef1ec3e823366b4bab093db71f846e976b8160c1d1
-
SSDEEP
1536:ELLUmBiJz0QWIeNnA/Er+Ptn1UrSSphXIHl2ddC/Wcaxg1N:0c0UeNA86FqrSSrXIlMA1/1N
Behavioral task
behavioral1
Sample
60ace43e0e465643592501a6a5484c85_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
60ace43e0e465643592501a6a5484c85_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
xtremerat
jooh2010.no-ip.biz
Targets
-
-
Target
60ace43e0e465643592501a6a5484c85_JaffaCakes118
-
Size
94KB
-
MD5
60ace43e0e465643592501a6a5484c85
-
SHA1
a4be2574cae7ced42eeb4ac824808c41ab721a1d
-
SHA256
62fa8a7451660cb42ff1774788737ae0e2364e0c0f0eef2c63e7a2cf55d3dcb0
-
SHA512
87e8da5444608924e3de3f41ffe846791f9982ef077608a3c59764812b4f98d808bac88070bf93ec97f00eef1ec3e823366b4bab093db71f846e976b8160c1d1
-
SSDEEP
1536:ELLUmBiJz0QWIeNnA/Er+Ptn1UrSSphXIHl2ddC/Wcaxg1N:0c0UeNA86FqrSSrXIlMA1/1N
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-