General

  • Target

    c2a189976102cd5e6939b66025764e04_JaffaCakes118

  • Size

    704KB

  • Sample

    240826-ke6t6awejq

  • MD5

    c2a189976102cd5e6939b66025764e04

  • SHA1

    eaa3fe10bfa8952620025c8cfeef135ff57ab041

  • SHA256

    d24478bb827dbfbc9fab5d0e124e04f0dc7bc74d226d86e6c1bd404de68a9788

  • SHA512

    2b53134e560abef63c0ecabed454a76772e1ef3506a66fe65297ea89cb5fe282a8e96a884c00a549f101153f12b208d471af16ee0d5d54649588cd18526ef93f

  • SSDEEP

    12288:t45MIjSBHm4JBOMO76QM3/+++lp1vHHVKV5gc0lvlF8qPBcIExFXDJiW7SI:tyDU/BOv6Q4+++BVMOlSqpctxviWOI

Malware Config

Extracted

Family

xtremerat

C2

ariloi99.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running or refusing to run depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.
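
The "UPX packed file" rule above is a static check. As an added example (not part of the Triage report or its rule set), the following Python inspects a PE image for the three indicators such a rule usually relies on: section names beginning with "UPX", the "UPX!" pack-header magic inside the PE header area, and UPX's characteristic section layout (a first section that is empty on disk but large in memory, followed by the section holding the compressed data). The layout check is what still fires when a "modified UPX" build has renamed its sections and stripped the magic. The PE images at the bottom are constructed in code for demonstration and are not derived from the report's sample; `parse_sections`, `upx_indicators`, `classify` and `build_pe` are the example's own names.

```python
"""Static UPX indicators for a PE file (added example, not from the Triage report)."""
import struct
from dataclasses import dataclass

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int


def parse_sections(data: bytes):
    """Return (SizeOfHeaders, [Section]); raise ValueError on a malformed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if opt_size < 64 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    # SizeOfHeaders sits at the same offset in PE32 and PE32+ optional headers.
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        raw_name, vsize, vaddr, rsize, rptr, *_ = struct.unpack_from(SECTION_FMT, data, off)
        name = raw_name.split(b"\0", 1)[0].decode("ascii", "replace")
        sections.append(Section(name, vsize, vaddr, rsize, rptr))
    return size_of_headers, sections


def upx_indicators(data: bytes) -> dict:
    size_of_headers, sections = parse_sections(data)
    first = sections[0] if sections else None
    return {
        "upx_sections": [s.name for s in sections if s.name.startswith("UPX")],
        # UPX stamps its pack header, starting with "UPX!", inside the header area.
        "upx_magic": b"UPX!" in data[:size_of_headers],
        # UPX0 is the unpack destination: zero bytes on disk, large in memory;
        # UPX1 (the packed data) follows. This survives renamed sections.
        "upx_layout": (
            first is not None and first.raw_size == 0 and first.virtual_size > 0
            and 2 <= len(sections) <= 3 and sections[1].raw_size > 0
        ),
    }


def classify(data: bytes) -> str:
    ind = upx_indicators(data)
    if ind["upx_sections"] and ind["upx_magic"]:
        return "upx"
    if ind["upx_sections"] or ind["upx_magic"] or ind["upx_layout"]:
        return "possible-modified-upx"
    return "not-upx"


def build_pe(sections, stamp_magic: bool) -> bytes:
    """Constructed minimal PE32 image for testing only: valid headers, no real code."""
    size_of_headers = 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)
    table = b"".join(
        struct.pack(SECTION_FMT, n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
        for n, vs, va, rs, rp in sections)
    hdr = bytearray(dos + b"PE\0\0" + coff + opt + table)
    if stamp_magic:
        hdr += b"UPX!"
    hdr += b"\0" * (size_of_headers - len(hdr))
    return bytes(hdr) + b"\xCC" * 0x400                            # placeholder section data


# Constructed samples: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData).
PACKED = build_pe([(b"UPX0", 0x2000, 0x1000, 0, 0x200), (b"UPX1", 0x1000, 0x3000, 0x400, 0x200),
                   (b".rsrc", 0x200, 0x4000, 0x200, 0x600)], stamp_magic=True)
RENAMED = build_pe([(b".text", 0x2000, 0x1000, 0, 0x200), (b".data", 0x1000, 0x3000, 0x400, 0x200),
                    (b".rsrc", 0x200, 0x4000, 0x200, 0x600)], stamp_magic=False)
PLAIN = build_pe([(b".text", 0x1000, 0x1000, 0x1000, 0x200), (b".data", 0x200, 0x2000, 0x200, 0x1200),
                  (b".rsrc", 0x200, 0x3000, 0x200, 0x1400)], stamp_magic=False)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED
    print(classify(data), upx_indicators(data))
```

Run it with a file path to classify a real sample, or with no arguments to see the constructed UPX image classified. A "possible-modified-upx" verdict is a hint, not proof: the layout check alone can be defeated by adding padding sections, and unpacking (or letting the sandbox run the sample, as this report did) remains the authoritative check.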

MITRE ATT&CK Enterprise v15

Tasks