General
Target: a38ab04cfbbe217116f1df6edf29fb95_JaffaCakes118
Size: 273KB
Sample: 240817-wg1lpsycqb
MD5: a38ab04cfbbe217116f1df6edf29fb95
SHA1: ff6b01d2c30b2b3b75347e9cf40f8f91fe820cce
SHA256: 873479926520a2c22096da51d4018c66a9610bc5dd481de8f20c2f0b18789dca
SHA512: 1cf3edf378630edb0cf7355d07f95c9690f3b803ed3e8f182bcecf7981488e2df7b0b7b265c9bccc493dd0f7acea9468a312fbe217bfa93484b6e92cd39bb3ad
SSDEEP: 3072:zxexkMNY+4n8iVMMSJ3Gso2APwDDzThAzNtVsYk2OA7LVwskRFUYvZMQLWEeMPwN:16k/+4nNvvvIDX92LkvUlEoSMK0T26
Static task: static1
Behavioral task: behavioral1 (sample a38ab04cfbbe217116f1df6edf29fb95_JaffaCakes118.exe, resource win7-20240705-en)
Behavioral task: behavioral2 (sample a38ab04cfbbe217116f1df6edf29fb95_JaffaCakes118.exe, resource win10v2004-20240802-en)
Malware Config
Extracted family: xtremerat
C2 host: lepra.sytes.net (sytes.net is a No-IP dynamic DNS domain, so the address it resolves to can change at any time; hunt and block on the hostname rather than on whatever IP it resolved to during the sandbox run)
Targets
Target: a38ab04cfbbe217116f1df6edf29fb95_JaffaCakes118 (273KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures
- Detect XtremeRAT payload
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of SetThreadContext
  SetThreadContext overwrites the register state of a thread, normally one created suspended. Outside debuggers, legitimate software rarely calls it; loaders use it to point a process's initial thread at an image they have written into its memory before resuming it, which is why the sandbox flags the call as suspicious rather than as proof of a specific injection technique.