Extracted

• • Target

    54009613e47d93126d37dd7cb4a64534_JaffaCakes118

  • Size

    769KB

  • MD5

    54009613e47d93126d37dd7cb4a64534

  • SHA1

    fa0a507ddcd4dc8a17d85e74448702a2589f5582

  • SHA256

    84079c86c2b28541dfd30a6593cd1c516cf3ceb6617e1b72c4df32e6e8b0889f

  • SHA512

    522d4464727ea425f1e023cc26363124df6c84945472712dc348c9885e2f23bbbb880790e762b5f5249474798583d96bef1f65e9e0a4f756efb3eee73ac9572e

  • SSDEEP

    24576:EoLwQGN2K3yWds0JkKyVDjVM8Qhpa0VUi6O:EoLljadsLhues

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2