General
Target: 6a58f94b6553712c2f3b80174aa26051_JaffaCakes118
Size: 84KB
Sample: 241022-nzdwnavhmr
MD5: 6a58f94b6553712c2f3b80174aa26051
SHA1: 637304d1bd170f500123a212209e6931bb037f6e
SHA256: a47ce9e3c73e01ff95100faef7b414d26d8570f87fce3c0c72b863847bdc3328
SHA512: 3891ff5aa9d0d0716d7b3fc91d890a68a4a826a7cc4aa0a61a0793b933c6f0211b84bc3477ea67145ee169aaecfd6b04daf60db4e765290f3139e24462469718
SSDEEP: 1536:fG2EnTramCVTJ10e9yhVugW1FAAzWCb4pqZ1m4e2ggJ0x:fynvBCVTJ10ey0gW8AzWCbmqZ8ABA
Static task: static1
Behavioral task: behavioral1
Sample: 6a58f94b6553712c2f3b80174aa26051_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: xtremerat
C2 host: qwertyuiop.no-ip.biz
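To make the indicators in this report usable outside the sandbox, the following added Python helper (not part of the report or of any sandbox product) recomputes the four digests listed above for a candidate file and sweeps DNS query logs for the extracted hostname. The hashes and the hostname are taken from the report; the log line format, the sample log lines and the bytes fed to the hash check are constructed for the demo. Because no-ip.biz is a public dynamic-DNS zone, a lookup of any other name under it is reported only as a weak "dyndns" signal rather than as a hit, and no resolved IP address is carried as an indicator, since the address behind a dynamic-DNS name changes.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# IOCs copied from the sandbox report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "6a58f94b6553712c2f3b80174aa26051",
    "sha1": "637304d1bd170f500123a212209e6931bb037f6e",
    "sha256": "a47ce9e3c73e01ff95100faef7b414d26d8570f87fce3c0c72b863847bdc3328",
    "sha512": "3891ff5aa9d0d0716d7b3fc91d890a68a4a826a7cc4aa0a61a0793b933c6f021"
              "1b84bc3477ea67145ee169aaecfd6b04daf60db4e765290f3139e24462469718",
}
C2_HOST = "qwertyuiop.no-ip.biz"
# Parent zone of the C2 hostname: a public dynamic-DNS provider, so a lookup
# under it is only a weak signal on its own (many benign hosts use it too).
DYNDNS_ZONE = C2_HOST.split(".", 1)[1]  # "no-ip.biz"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of `data` for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm comparison against the report. Treat a file as this
    sample only when every digest agrees, not just the MD5."""
    digests = hash_bytes(data)
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# Constructed log format (an assumption for the demo, not a real product's):
# "<timestamp> <client-ip> <qtype> <qname>"
_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def classify_qname(qname: str, c2_host: str = C2_HOST) -> str:
    """'c2' for the extracted hostname, 'dyndns' for any other name in its
    dynamic-DNS parent zone, 'clean' otherwise. Matching is case-insensitive
    and ignores the trailing dot that resolvers often log."""
    name = qname.rstrip(".").lower()
    if name == c2_host:
        return "c2"
    if name == DYNDNS_ZONE or name.endswith("." + DYNDNS_ZONE):
        return "dyndns"
    return "clean"


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, qname, verdict) for every line that is not clean."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        _ts, client, _qtype, qname = m.groups()
        verdict = classify_qname(qname)
        if verdict != "clean":
            hits.append((client, qname, verdict))
    return hits


# Constructed sample log lines for the demo; not taken from the report.
SAMPLE_LOG = [
    "2024-10-22T14:03:11Z 10.0.0.15 A QWERTYUIOP.no-ip.biz.",
    "2024-10-22T14:03:12Z 10.0.0.15 A www.example.com",
    "2024-10-22T14:05:40Z 10.0.0.22 A camera-home.no-ip.biz",
    "malformed line",
]

if __name__ == "__main__":
    for client, qname, verdict in scan_dns_log(SAMPLE_LOG):
        print(f"{verdict:6s} {client} -> {qname}")
    # Constructed bytes, so every digest comes back False.
    print("hash match:", matches_report(b"not the sample"))
```

Run it against a suspect file with `matches_report(open(path, "rb").read())`; a partial match (for example MD5 only) is a collision or a typo, not the sample, and should be escalated rather than accepted.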
Targets
Target: 6a58f94b6553712c2f3b80174aa26051_JaffaCakes118 (the same file as in General above)
Signatures
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
Suspicious use of SetThreadContext: SetThreadContext rewrites the register state, including the instruction pointer, of a thread in another process. Ordinary applications almost never call it (debuggers are the main legitimate user), while injection loaders use it to point a suspended thread at code they have written into the target, as in process hollowing. The signature records that the call happened, not what was injected; the written payload and its target process still have to be confirmed from the rest of the behavioral trace.