Extracted

• • Target

    8eb2020f1d3c549da4b6076341fa032f_JaffaCakes118

  • Size

    1.1MB

  • MD5

    8eb2020f1d3c549da4b6076341fa032f

  • SHA1

    9ead9c8b3fce65bd6ea30da4a401fac8425e8d0b

  • SHA256

    2abc906f7f08fb8a8d9eb9bdba17fc99a4c914dee6b24680175703c38d2e4a5f

  • SHA512

    71b61a111fb825e91c236ff7c4d654631fa142f68ebbc86560d1f70ebd141cc3b39af8316dd5fe0a436d1205c6b7040e97a44512c5601429883f9fa8f5eb1a22

  • SSDEEP

    24576:CaHMv6CorjqnyC8rMtBYp/MPHcOMgvf+QeS6v:C1vqjdC8rMtSVMvcOkQgv

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2