General

  • Target

    a90a788f257fcb6fb27f2add6c966340_JaffaCakes118

  • Size

    139KB

  • Sample

    241127-wqpwkatqg1

  • MD5

    a90a788f257fcb6fb27f2add6c966340

  • SHA1

    963c8589e873f43f984db75c01b5e8ba5acfd172

  • SHA256

    178505b0fe241c1e1e404e8258b460a3435acfba0434052dd2aec363aff7a0c8

  • SHA512

    684f5f8b14e83a0e820676a2ef21918f7adfc63be3274a5a3376f96386d7a7c0add06791759f81cd289db0da6a706055ea040009ce7a0c746e533ae6d1a252d9

  • SSDEEP

    3072:G/v7xIj0jsCpbDRheP5AQ8JSR+VnI14xn0azFRZ0IJxtSO3TvRdr:MdJjrpfuESR+VnIyx1zFRPxjNdr

Malware Config

Extracted

Family

xtremerat

C2

vista054.no-ip.biz

Targets

    • Target

      a90a788f257fcb6fb27f2add6c966340_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (renamed sections, altered header).
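The UPX signature above fires on both stock and modified UPX. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: a small PE section-header parser that checks the three things an analyst would check by hand, namely UPX-named sections, the "UPX!" packer marker, and the layout that survives when a modified UPX build renames its sections (a first section that is empty on disk but large in memory and mapped writable+executable). The PE images it runs on are constructed inline so the example is self-contained; they are not the analyzed file.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_pe(section_names, raw_sizes, virt_sizes, tail=b""):
    """Constructed minimal PE32 image (NOT the analyzed sample): MZ stub,
    PE signature, COFF header, zeroed optional header and section table."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew))
    dos += b"\x00" * (e_lfanew - len(dos))
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = b"\x0b\x01" + b"\x00" * (opt_size - 2)  # PE32 magic, rest unused here
    table = b""
    for name, raw, virt in zip(section_names, raw_sizes, virt_sizes):
        # Characteristics 0xE0000020 = CODE | EXECUTE | READ | WRITE, as UPX0/UPX1 use
        table += struct.pack(SECTION_HDR, name.ljust(8, b"\x00"), virt, 0x1000,
                             raw, 0x400, 0, 0, 0, 0, 0xE0000020)
    return bytes(dos) + b"PE\x00\x00" + coff + opt + table + tail


def parse_sections(data):
    """Walk MZ -> e_lfanew -> PE -> COFF -> section table and return the headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    off = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, _rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, data, off + i * 40)
        sections.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                         "vsize": vsize, "rawsize": rawsize, "chars": chars})
    return sections


def upx_indicators(data):
    """Return the list of UPX indicators found; empty list means none."""
    sections = parse_sections(data)
    hits = []
    names = [s["name"] for s in sections]
    if any(n.startswith("UPX") for n in names):
        hits.append("UPX-named sections: " + ",".join(names))
    if b"UPX!" in data:
        hits.append("'UPX!' packer marker present")
    # Modified UPX builds usually rename sections, but the layout stays: the first
    # section is the unpacking destination, has no bytes on disk, a large virtual
    # size, and must be writable and executable so the stub can write code into it.
    if len(sections) >= 2:
        first = sections[0]
        wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
        if first["rawsize"] == 0 and first["vsize"] > 0 and first["chars"] & wx == wx:
            hits.append("first section empty on disk, %#x bytes in memory, W+X" % first["vsize"])
    return hits


# Constructed inputs: stock UPX layout, a renamed-section variant, and a plain binary.
UPX_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"], [0, 0x8000, 0x200],
                      [0x20000, 0x8000, 0x200], tail=b"UPX!" + b"\x00" * 12)
RENAMED_SAMPLE = build_pe([b".text0", b".text1"], [0, 0x8000], [0x20000, 0x8000])
CLEAN_SAMPLE = build_pe([b".text", b".data"], [0x1000, 0x200], [0x1000, 0x200])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(img))
```

Against a real file, read it with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; the layout heuristic is what catches samples whose author stripped the UPX names, and it is also the one that can false-positive on other packers, so treat it as a triage hint rather than proof.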

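Two behaviours in this report are worth turning into detections: the C2 host `vista054.no-ip.biz` sits under a dynamic-DNS provider, and the "Checks computer location settings" entry describes a registry lookup of the configured country. The block below is an added example and not part of the report or the sandbox's own signatures. It triages a constructed, simplified API trace (real sandbox traces key registry reads by handle rather than by path; here the most recently opened key per process is tracked instead). The dynamic-DNS suffix list is an assumption to extend for your environment, and the registry locations (`Control Panel\International\Geo\Nation`, `sCountry`, `LocaleName`) are assumed to be what the signature is describing.

```python
import re

C2_HOSTS = {"vista054.no-ip.biz"}  # from the extracted XtremeRAT config above

# Assumed list of dynamic-DNS suffixes commonly abused by commodity RATs.
DDNS_SUFFIXES = ("no-ip.biz", "no-ip.org", "no-ip.com", "ddns.net",
                 "hopto.org", "zapto.org", "duckdns.org", "dyndns.org")

# Registry values Windows uses for the configured country (assumption: this is the
# lookup the "Checks computer location settings" signature refers to).
GEO_KEY_FRAGMENT = "control panel\\international"
GEO_VALUES = {"nation", "scountry", "localename"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<arg>.*)$")

# Constructed trace, not taken from the sandbox: "<pid> <api> <argument>".
TRACE = """\
1234 RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International\\Geo
1234 RegQueryValueExW Nation
1234 RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International
1234 RegQueryValueExW sCountry
1234 RegOpenKeyExW HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
1234 RegQueryValueExW Nation
1234 getaddrinfo vista054.no-ip.biz
1234 getaddrinfo update-check.ddns.net
4321 getaddrinfo www.msftconnecttest.com
"""


def is_ddns(host):
    """True if host is exactly a listed DDNS zone or a label under it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)


def triage_trace(trace):
    """Return (pid, finding, detail) tuples in trace order."""
    findings = []
    open_key = {}  # pid -> most recently opened registry key, lower-cased
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, arg = m["pid"], m["api"], m["arg"].strip()
        if api in ("RegOpenKeyExW", "RegOpenKeyExA"):
            open_key[pid] = arg.lower()
        elif api in ("RegQueryValueExW", "RegQueryValueExA"):
            key = open_key.get(pid, "")
            # Only a country value read under the International key counts;
            # "Nation" read elsewhere (as in the Run key line) is ignored.
            if GEO_KEY_FRAGMENT in key and arg.lower() in GEO_VALUES:
                findings.append((pid, "geo-lookup", key + "\\" + arg))
        elif api in ("getaddrinfo", "gethostbyname", "DnsQuery_W"):
            host = arg.lower().rstrip(".")
            if host in C2_HOSTS:
                findings.append((pid, "c2-dns", host))
            elif is_ddns(host):
                findings.append((pid, "ddns-dns", host))
    return findings


if __name__ == "__main__":
    for f in triage_trace(TRACE):
        print(f)
```

The exact-host match is the high-confidence indicator; the DDNS-suffix match and the locale lookup are weaker, so in a real pipeline they are best scored together with the other behaviours listed in this report (dropped EXE executed, UPX-packed payload) rather than alerted on alone.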