General
-
Target
593734a135beac4fbe31724c6248250f_JaffaCakes118
-
Size
682KB
-
Sample
241018-y1xp9swdkd
-
MD5
593734a135beac4fbe31724c6248250f
-
SHA1
6a59b202f34388d0ced84aa8b92ce0231b34ba42
-
SHA256
88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1
-
SHA512
0c24dcedf4cbe0d416e2a5e983d8462b3f221ff015cae5fe15c6175555eb6c9695de919b0517315a4fb1eaa448d0e92548ff0b937880952c9e9687afe1c86ed2
-
SSDEEP
12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aX1DQj:uRmJkcoQricOIQxiZY1iaXJ8
Static task
static1
Behavioral task
behavioral1
Sample
593734a135beac4fbe31724c6248250f_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
xtremerat
hossamnolove.no-ip.org
Targets
-
-
Target
593734a135beac4fbe31724c6248250f_JaffaCakes118
-
Size
682KB
-
MD5
593734a135beac4fbe31724c6248250f
-
SHA1
6a59b202f34388d0ced84aa8b92ce0231b34ba42
-
SHA256
88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1
-
SHA512
0c24dcedf4cbe0d416e2a5e983d8462b3f221ff015cae5fe15c6175555eb6c9695de919b0517315a4fb1eaa448d0e92548ff0b937880952c9e9687afe1c86ed2
-
SSDEEP
12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aX1DQj:uRmJkcoQricOIQxiZY1iaXJ8
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-