General
Target: 31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118
Size: 645KB
Sample: 241010-y3x4tavcrc
MD5: 31aa79e3f13fb921c5c82f99b2be43b0
SHA1: 8c0d87f13c4bdd9ceb5d6da4c8d25ed8505a66a0
SHA256: 6de0b43d0a69e1c44569ec42316823f65696e29c11fd4db771264e66222947ea
SHA512: 380c5aa5b51816247b4709c327c31f91f9b14a44c534c9bac30a36c7030e4c5d5ba20d46faa05e5e76fff0d7a647a020868a6b3a7c41da8f857ecf41b158ac54
SSDEEP: 12288:VQZuOro7YNQN2YcKify3iC8ut0i1oQjUZbvFFF/Dr5uiuF4:VnPwQgsiK3AcIXFFf5uiuF4
Static task: static1
Behavioral task: behavioral1
Sample: 31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: xtremerat
C2: nando1.no-ip.org
Targets
Target: 31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118
Size: 645KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Signatures
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext