General
-
Target
590433f876b83b78efb954900371c41c_JaffaCakes118
-
Size
312KB
-
Sample
241018-xry2astbpf
-
MD5
590433f876b83b78efb954900371c41c
-
SHA1
463f5a14a3165f77cd86011e123c783f5e0392df
-
SHA256
1bcf7ab9df0b2e8906a7f6ef06dcb2692130d0c6ccd387b1affd9e0780f037fe
-
SHA512
7da39ff77cd6c2e7fc6d1b76231662b6e604890176cd238284aa7f9684cd509f53cce2a5a36293c404d90d3caa0b91841cddc39f27f05d75aee95234e16ef306
-
SSDEEP
6144:KxK3EdhAcBWEEb/pKoG2uZOX6/78EHvlHxPgEN5K6zZLo6:9dGWEw/prGtYTatRoI5K6z9t
Static task
static1
Behavioral task
behavioral1
Sample
590433f876b83b78efb954900371c41c_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
xtremerat
iuyfdsghj.myvnc.com
Targets
-
-
Target
590433f876b83b78efb954900371c41c_JaffaCakes118
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-