General
-
Target
32752f4c0ec05722e72aa55704c348e1_JaffaCakes118
-
Size
403KB
-
Sample
241011-anglhsvcqh
-
MD5
32752f4c0ec05722e72aa55704c348e1
-
SHA1
81c7dc96b47b1fac403205e5d401188c1894cf3d
-
SHA256
41f1724569f28ceea96bdfaad8b39b18aa14e23660f9954f17c9095839207563
-
SHA512
b1f7c15c7274f80782f36a62f1dd0c31bb4ad21988cd969ebb7bf1615bb8ca042b3e8e9b5a76fb048a2629eb926f3cc124b7e3c32fe417158bb953cfb83b8f9f
-
SSDEEP
6144:xs3oUvz4ZEoJNu1v/CCaeC0Tgi6ReN06oB:xstL4ZI7bjTgnZ
Static task
static1
Behavioral task
behavioral1
Sample
32752f4c0ec05722e72aa55704c348e1_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
trydrv.dydns.org
Targets
-
-
Target
32752f4c0ec05722e72aa55704c348e1_JaffaCakes118
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-