General
Target: a4e463031ef4f48b697b07d74beec04c_JaffaCakes118
Size: 660KB
Sample: 240818-b3yzsayckd
MD5: a4e463031ef4f48b697b07d74beec04c
SHA1: b83540a532ce919ea7131130985618e55a6b7016
SHA256: 49c5a1e2801df9971f193834d23de7c2be2530c5a411207aae7ea205927d0e37
SHA512: c54247f2c637e8e081eb64da034b947c86212408fe71abbfeeabc1c6168c00a4fe12369dfddf8e18749252f17e9268b9fd802d0859c47544e67bb4d535af26c8
SSDEEP: 12288:VagQFev7+0N1RUFtE2qv7+0N1RjAuLJqec:HQYvaKRUrqvaKR8X
Static task: static1
Behavioral task: behavioral1
Sample: a4e463031ef4f48b697b07d74beec04c_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted: xtremerat
drdivil.no-ip.biz
Targets
Target: a4e463031ef4f48b697b07d74beec04c_JaffaCakes118
Size: 660KB
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Suspicious use of SetThreadContext