General
Target: 5362dfbd699bc9db369a583f2591d4a7_JaffaCakes118
Size: 328KB
Sample: 241017-yfph6asfmd
MD5: 5362dfbd699bc9db369a583f2591d4a7
SHA1: fbbf6a0f58a8ab26dfd5b8a5b6343206a576f941
SHA256: 30b1efaeb361d8c466686a4e03dc134a2ed3a684fa81618ee2ec2f0d5f66a7f4
SHA512: 1d6da8759fcdaf4aaf832a1452631b31b82933053446ec26b2e676628fac36f0f860436eafc13624dd913fb5b18efa04b66573743ff0178723330424081e237d
SSDEEP: 3072:cgR3xPLuCV0FxQo86uW6j3IPDnLJey+QL3l:lHVCxQo8M6jYLL0y+QL3
Static task: static1
Behavioral task: behavioral1
  Sample: 5362dfbd699bc9db369a583f2591d4a7_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5362dfbd699bc9db369a583f2591d4a7_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: xtremerat
Extracted host: boika.zapto.org
Targets
Target: 5362dfbd699bc9db369a583f2591d4a7_JaffaCakes118
Size: 328KB
MD5: 5362dfbd699bc9db369a583f2591d4a7
SHA1: fbbf6a0f58a8ab26dfd5b8a5b6343206a576f941
SHA256: 30b1efaeb361d8c466686a4e03dc134a2ed3a684fa81618ee2ec2f0d5f66a7f4
SHA512: 1d6da8759fcdaf4aaf832a1452631b31b82933053446ec26b2e676628fac36f0f860436eafc13624dd913fb5b18efa04b66573743ff0178723330424081e237d
SSDEEP: 3072:cgR3xPLuCV0FxQo86uW6j3IPDnLJey+QL3l:lHVCxQo8M6jYLL0y+QL3
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Suspicious use of SetThreadContext