General
-
Target
610c60389bb2d176f86a37af0435237c_JaffaCakes118
-
Size
100KB
-
Sample
240721-xnkdqszgpb
-
MD5
610c60389bb2d176f86a37af0435237c
-
SHA1
4973cfc5baa9f96c88895bc1de7cd74267982fb7
-
SHA256
b5d7d08650ebd01098817fafd237455e88a436d34324497fe9b3c3d5c8fa732c
-
SHA512
f9d50b6cd516e08510584e9f009fb00509d6bae3a66d8c96d5ba68a2b0169eea606e2d1a46b56d31bb9c8e78363ae9522565d2b7d9c0196e913203448736cc8f
-
SSDEEP
768:5y2orWlnAqg2fg8l3FJAK4JQLLnTDLbPebvoj3tpUq4ddZWTn+qEo6ztHvgqthrI:mxJKnnfL4Koq4d7WL+S6ztP9thL56
Static task
static1
Behavioral task
behavioral1
Sample
610c60389bb2d176f86a37af0435237c_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
610c60389bb2d176f86a37af0435237c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
610c60389bb2d176f86a37af0435237c_JaffaCakes118
-
Size
100KB
-
MD5
610c60389bb2d176f86a37af0435237c
-
SHA1
4973cfc5baa9f96c88895bc1de7cd74267982fb7
-
SHA256
b5d7d08650ebd01098817fafd237455e88a436d34324497fe9b3c3d5c8fa732c
-
SHA512
f9d50b6cd516e08510584e9f009fb00509d6bae3a66d8c96d5ba68a2b0169eea606e2d1a46b56d31bb9c8e78363ae9522565d2b7d9c0196e913203448736cc8f
-
SSDEEP
768:5y2orWlnAqg2fg8l3FJAK4JQLLnTDLbPebvoj3tpUq4ddZWTn+qEo6ztHvgqthrI:mxJKnnfL4Koq4d7WL+S6ztP9thL56
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-