Extracted

• • Target

    89ed672f2d81e02e3f7e84f2328e779b_JaffaCakes118

  • Size

    593KB

  • MD5

    89ed672f2d81e02e3f7e84f2328e779b

  • SHA1

    b3300c9f5a479cf6ce7ee8a9f0317b840fd89ec3

  • SHA256

    f065f75b80a311d58c797665a467658ccb5eeb5267b1cfb5989abfc948d1f5b7

  • SHA512

    e7672ee9cd6c04f2aed3be7ea331ce0b795a586159469c6e367ca140817a8ebac0a7c2fcf86091ecfee4bd37808df87780dbb5f4e4ab3fd0716a369215e2775d

  • SSDEEP

    12288:feJRN7fn5nPm52R/E3A9TVF/3M3MAQJ+lhBWtexuC4LgazPLjKKNqKAW:2jRn5Pm52RcQZ7/83MzsGexfopz3KKn

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2