General
-
Target
a3eedfcd12b826e53b2048b93e002d5e_JaffaCakes118
-
Size
57KB
-
Sample
240817-yrkpcawhjm
-
MD5
a3eedfcd12b826e53b2048b93e002d5e
-
SHA1
624ff28f3e8f9fdafeeb847d0a886521cc876342
-
SHA256
e720877f4d20ceaf53e96232a30939b531f4fafc1a01b92d84d171ce01679878
-
SHA512
09ac71fee733bf887c03f068856344ac193df9e9d13ffacaba40476f5109af36a476bbd2f49de50147a0684d0b3b95ca1d9140537bdf81fbdc1f24edf959bcfa
-
SSDEEP
1536:oTAsDTrEnCTaYyi+F4MI93aToTAgDyc5vYyfWytD1AbmypnTYTTTTTTTTTTTTTTe:CyHuMe3a01xf+kD14ZhiXoR
Static task
static1
Behavioral task
behavioral1
Sample
a3eedfcd12b826e53b2048b93e002d5e_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Targets
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-