General

Target: 54009613e47d93126d37dd7cb4a64534_JaffaCakes118
Size: 769KB
Sample: 241017-16feaazcqc
MD5: 54009613e47d93126d37dd7cb4a64534
SHA1: fa0a507ddcd4dc8a17d85e74448702a2589f5582
SHA256: 84079c86c2b28541dfd30a6593cd1c516cf3ceb6617e1b72c4df32e6e8b0889f
SHA512: 522d4464727ea425f1e023cc26363124df6c84945472712dc348c9885e2f23bbbb880790e762b5f5249474798583d96bef1f65e9e0a4f756efb3eee73ac9572e
SSDEEP: 24576:EoLwQGN2K3yWds0JkKyVDjVM8Qhpa0VUi6O:EoLljadsLhues
Static task: static1
Behavioral task: behavioral1
Sample: 54009613e47d93126d37dd7cb4a64534_JaffaCakes118.exe
Resource: win7-20240903-en

Malware Config

Extracted
Family: xtremerat
C2: cuore.no-ip.org
Targets

Target: 54009613e47d93126d37dd7cb4a64534_JaffaCakes118
Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext
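A worked triage heuristic for the behaviours listed above, added here as an example; it is not part of the sandbox report and not code from XtremeRAT. It parses a constructed API-call trace (the SAMPLE_TRACE lines are made up for this example, not taken from this run) and flags the same five behaviours: a registry read of the configured country code (assumption: the HKCU\Control Panel\International\Geo key, since the report only says "country code configured in the registry"), execution of a file the sample itself wrote, loading of a DLL the sample wrote, the CreateProcess(CREATE_SUSPENDED) / WriteProcessMemory / SetThreadContext / ResumeThread sequence that makes a SetThreadContext call on another process look like process hollowing, and a name lookup of the extracted C2 host. The trace line format, the argument shapes after each API name, and the function names are this example's own conventions.

```python
"""Heuristic triage of an API-call trace for the behaviours this report flags."""
import re

# C2 hostname from this report's extracted xtremerat config.
C2_DOMAINS = {"cuore.no-ip.org"}

# Assumption: which registry key holds the "country code" the report mentions.
# HKCU\Control Panel\International\Geo (value Nation) is one such location.
GEO_KEY_RE = re.compile(r"International\\Geo", re.IGNORECASE)

# Create-suspended, write, redirect thread, resume: the sequence that makes a
# SetThreadContext call on another process look like process hollowing.
HOLLOW_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

PID_RE = re.compile(r"pid=(\d+)")
PATH_RE = re.compile(r"^(.*?\.(?:exe|dll))(?:\s|$)", re.IGNORECASE)
LOOKUP_APIS = {"getaddrinfo", "gethostbyname", "DnsQuery_W"}

# Constructed sample trace (made up for this example, not from the sandbox run).
# Format: "<pid> <api> <arguments>"; process creation appends "-> pid=<child>".
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW HKEY_CURRENT_USER\Control Panel\International\Geo
1234 RegQueryValueExW Nation
1234 CreateFileW C:\Users\user\AppData\Local\Temp\svchost.exe WRITE
1234 CreateFileW C:\Users\user\AppData\Local\Temp\plugin.dll WRITE
1234 CreateProcessW C:\Users\user\AppData\Local\Temp\svchost.exe CREATE_SUSPENDED -> pid=5678
1234 WriteProcessMemory pid=5678
1234 SetThreadContext pid=5678
1234 ResumeThread pid=5678
5678 LoadLibraryW C:\Users\user\AppData\Local\Temp\plugin.dll
5678 getaddrinfo cuore.no-ip.org
"""


def parse_trace(trace):
    """Turn the text trace into dicts with pid, api, raw args, target pid and file path."""
    events = []
    for line in trace.strip().splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue
        args = parts[2] if len(parts) == 3 else ""
        pid_match = PID_RE.search(args)
        path_match = PATH_RE.match(args)
        events.append({
            "pid": int(parts[0]),
            "api": parts[1],
            "args": args,
            "target": int(pid_match.group(1)) if pid_match else None,
            "path": path_match.group(1) if path_match else None,
        })
    return events


def has_subsequence(needle, hay):
    """True if every item of needle appears in hay in that order (gaps allowed)."""
    it = iter(hay)
    return all(step in it for step in needle)


def triage(trace, c2_domains=C2_DOMAINS):
    """Return {finding: [evidence, ...]} for the behaviours seen in the trace."""
    findings = {}
    dropped = set()          # lower-cased paths the sample wrote to disk
    suspended = {}           # child pid -> ordered list of APIs used against it
    reported_hollow = set()  # child pids already reported, to avoid duplicates

    def note(name, evidence):
        findings.setdefault(name, []).append(evidence)

    for ev in parse_trace(trace):
        api, args, path, target = ev["api"], ev["args"], ev["path"], ev["target"]
        if api.startswith("RegOpenKeyEx") and GEO_KEY_RE.search(args):
            note("checks_computer_location", args)
        elif api == "CreateFileW" and path and "WRITE" in args:
            dropped.add(path.lower())
        elif api == "CreateProcessW" and path:
            if path.lower() in dropped:
                note("executes_dropped_exe", path)
            if "CREATE_SUSPENDED" in args and target is not None:
                suspended[target] = ["CreateProcessW"]
        elif api in HOLLOW_SEQUENCE and target in suspended:
            suspended[target].append(api)
            if target not in reported_hollow and has_subsequence(HOLLOW_SEQUENCE, suspended[target]):
                reported_hollow.add(target)
                note("suspicious_setthreadcontext", f"pid={target}")
        elif api.startswith("LoadLibrary") and path and path.lower() in dropped:
            note("loads_dropped_dll", path)
        elif api in LOOKUP_APIS and args.strip().lower() in c2_domains:
            note("c2_lookup", args.strip())
    return findings


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_TRACE).items():
        print(f"{name}: {', '.join(evidence)}")
```

The hollowing rule deliberately requires the whole create-suspended, write, SetThreadContext, resume chain against the same child pid rather than firing on SetThreadContext alone, which legitimate debuggers and some runtimes also call; the dropped-file rules key on paths the sample wrote earlier in the same trace, so a CreateProcessW of a pre-existing system binary produces no finding.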