General
- Target: 60f31efe766ec4f07e2367848c7a0abb_JaffaCakes118
- Size: 258KB
- Sample: 240721-w44a4syhkc
- MD5: 60f31efe766ec4f07e2367848c7a0abb
- SHA1: ccbbbbd5c440ac98ccc7e977626661c31e4e1b97
- SHA256: ad53fe6aa2b0973da3ee42f95ac1858a3fee5d9fe001d35c5be3621916e44123
- SHA512: 2f0ddbdebb2c3186f828aa6d6da4f32efa4638237a4b14272cc232363ca0b221ed2a457f1d8b19c0a1c15d98098e210166b38c83115ff09113d1c88cbf4ebc84
- SSDEEP: 6144:1Y4juI1mZt7OWt7P+ihaBV5//lNRvTk+WrXUmXjNG:1Y4hcZ0Wtr+iEL/dTntS5G
Static task: static1
Behavioral task: behavioral1
- Sample: 60f31efe766ec4f07e2367848c7a0abb_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 60f31efe766ec4f07e2367848c7a0abb_JaffaCakes118.exe
- Resource: win10v2004-20240704-en
Malware Config
Extracted
- xtremerat
- hack123.no-ip.org
Targets
- Target: 60f31efe766ec4f07e2367848c7a0abb_JaffaCakes118
- Size: 258KB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext