General
- Target: a4318d183e12cbcbf19368e39c99e327_JaffaCakes118
- Size: 227KB
- Sample: 240817-z96j7sxfqg
- MD5: a4318d183e12cbcbf19368e39c99e327
- SHA1: 20f9e42276799555a0c9c1305601e6293f0713f5
- SHA256: 84aa3d66b2a2820614e737c758d404bd624095a214928d3366f7fd27cfb2fd54
- SHA512: 1c00c7e7075928e8a7e5e1086acbe8f134d0590ee9852a7eb9bf7a2ced238299b37335aca001710c968a9811f1fa9a9383b3143bc38b752f4a8201829b85590c
- SSDEEP: 3072:RVsZHl3fcdjX5vE//3Ll3fcdjX5vE//34:R6lPcdD5kLlPcdD5k4
Static task: static1
Behavioral task: behavioral1
- Sample: a4318d183e12cbcbf19368e39c99e327_JaffaCakes118.exe
- Resource: win7-20240729-en
Malware Config
- Extracted (xtremerat): demone2011.no-ip.org
Targets
- Target: a4318d183e12cbcbf19368e39c99e327_JaffaCakes118 (227KB; hashes as listed under General)
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL