Extracted

• • Target

    392f21ba73924a229a8b33a6bf35dd81_JaffaCakes118

  • Size

    374KB

  • MD5

    392f21ba73924a229a8b33a6bf35dd81

  • SHA1

    1fc3fc8b5e09819a743ed22aafd67c6f75f2bdfc

  • SHA256

    d8f930172b112f39b14280db5559629cef31daaa253c4da61fc030bdf75709e0

  • SHA512

    a7491cc15b03937f5410acdd9ffdfc7a138930efcf7548f91468fc1b4522f3a0eb0399b9d6ab7a878e78e7572953a89bc463826d72c4423607b460b6c82f08b3

  • SSDEEP

    6144:aeHjx2pJNHZCYJBJl1UU2O4cBTJhv4s5C8s9vCLAes5VI8s6zXI:nHjmJDrU+Dv4KpsR0AJY8Hz4

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2