General
Target: 6237e15f80aa4efaba522266e21f1231_JaffaCakes118
Size: 61KB
Sample: 240722-bqx7qathqd
MD5: 6237e15f80aa4efaba522266e21f1231
SHA1: 07425f44f698327862d73f04979c140d91ef72a1
SHA256: 41399a57047307bb72a07d8e0f496bc22b69121692874dd9ef32d1f7bd2ae1c2
SHA512: f5a8b9e19b70a37ed11dcb7f11be52b0a7a6c4cb85e9b3c3c051466052268dbd1a0a5435cc52d043ee22179e238a38b868910bd8432f6f015166a43bc71b7752
SSDEEP: 1536:9nykUEDRiAIbAIp59Fdo8Ee27SrPIEdCOBu2EFGP2N0MJud:9gIu9tiebrPXdCOBDOGPuw
Behavioral task behavioral1
Sample: 6237e15f80aa4efaba522266e21f1231_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task behavioral2
Sample: 6237e15f80aa4efaba522266e21f1231_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: xtremerat
angham.no-ip.biz
Targets
Target: 6237e15f80aa4efaba522266e21f1231_JaffaCakes118 (61KB)
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext