General

  • Target

    abf87047a3d9e6b5ec33df1fa0bde0aa_JaffaCakes118

  • Size

    44KB

  • Sample

    240819-wb2xks1fkk

  • MD5

    abf87047a3d9e6b5ec33df1fa0bde0aa

  • SHA1

    0244f76b05b2cad723d4d740cc8a897d1004677d

  • SHA256

    f27986bac478bb3fed0775b55b8c45044ab12da9842eab5eccb2f476816ee7a1

  • SHA512

    170d26a70a7bbf631c5b2ebf2d97a3d88c6d7bbca2228241d6b250b4927db9231d18bb79fded07e19babb1ced93fbc0eb5fe39f5c30795933d782a48bc78c67f

  • SSDEEP

    768:rBr+tjFqTPkAlfzteF1lr6anEsmTg8uvm2DfOTwYPIazour:FyRUHlrU1lr6anITruvm2buQWour

Malware Config

Extracted

Family

xtremerat

C2

kahba88.zapto.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks