General
-
Target
546dae0132f9dac504e612c9dc3c4163_JaffaCakes118
-
Size
90KB
-
Sample
241018-ak4a4sxfmj
-
MD5
546dae0132f9dac504e612c9dc3c4163
-
SHA1
92068400766e11dac72a5376421db7509282baa1
-
SHA256
d3e050241bc051ef74ac9f29b00a6940e86b7d9a4e379f053af78c7158c7833d
-
SHA512
53e2290b2b296b8e3849863e814a38a2947c05a7ec954dedb3c0e2f83a1db309a49e766f57f9516fbc77fb1b8f4a18721f76602878ccd16eb0f28a9bb775aa27
-
SSDEEP
1536:4l/UOz1dnuEIkYhq6ka8sCDcSm76lXwlppxEBSs1yCdMrPkz55bfU:G/v7xIj0jsCpb9qjEs3QMrPu5rU
Malware Config
Extracted
xtremerat
fofo05333.no-ip.org
Targets
-
-
Target
546dae0132f9dac504e612c9dc3c4163_JaffaCakes118
-
Size
90KB
-
MD5
546dae0132f9dac504e612c9dc3c4163
-
SHA1
92068400766e11dac72a5376421db7509282baa1
-
SHA256
d3e050241bc051ef74ac9f29b00a6940e86b7d9a4e379f053af78c7158c7833d
-
SHA512
53e2290b2b296b8e3849863e814a38a2947c05a7ec954dedb3c0e2f83a1db309a49e766f57f9516fbc77fb1b8f4a18721f76602878ccd16eb0f28a9bb775aa27
-
SSDEEP
1536:4l/UOz1dnuEIkYhq6ka8sCDcSm76lXwlppxEBSs1yCdMrPkz55bfU:G/v7xIj0jsCpb9qjEs3QMrPu5rU
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-