General

  • Target

    b10f39667824d1849ce4a03eb9c080cd_JaffaCakes118

  • Size

    75KB

  • Sample

    241129-n2fg9stnbx

  • MD5

    b10f39667824d1849ce4a03eb9c080cd

  • SHA1

    c9c976b9da57d242e6083865ccaa54e6dd05f7fb

  • SHA256

    6b952d6ebb08de5eab2f3ea4c71e7180c3a94c414b3ce9a96a990e72b449b28d

  • SHA512

    84141d18910ef9671fa0c43bab870c5f8260e98b82606b19f52a28c86e7e97e2043bbe8c0a07022da3aeb72082ee50946b2d3706beeddc8790b2379c9bcbb3f1

  • SSDEEP

    1536:cj2qkSZZZ3gd4XUZuhgZWVg5gjwp9w0KOIeLrtqZ2:cjYUP4uhgZWV949w5ODHIZ2

Malware Config

Extracted

Family

xtremerat

C2

botak.no-ip.info

Targets

    • Target

      b10f39667824d1849ce4a03eb9c080cd_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks