General
Target: 834ee177dccb90d586156e4a1596d9e0_JaffaCakes118
Size: 612KB
Sample: 240802-gvhwgsvcmg
MD5: 834ee177dccb90d586156e4a1596d9e0
SHA1: a35079e5ccec35cde48a895c10512e26d68138f1
SHA256: af32e7d59c778815276e7ca32535fe9048c80596d59d844876c58a455d9491d8
SHA512: 47f435159a706cfc132a656d61a920ee385cede15bc2ec27b58032f653567555558daed641cdc15b666e30585e3c915d0506783d2bc43bc4798f9984d9cf17e2
SSDEEP: 12288:aaoqwuhLcuEQhxkkGsLX4UkaUp77xCgp1spuQuQxOMTMUoAj65+q0jj:aaojuhLcuESLjk7PxT3ZXYMtAs8j
Static task: static1
Behavioral task: behavioral1
Sample: 834ee177dccb90d586156e4a1596d9e0_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of SetThreadContext