Extracted

• • Target

    b5a24a505974e2e4c67c206404b72830_JaffaCakes118

  • Size

    21KB

  • MD5

    b5a24a505974e2e4c67c206404b72830

  • SHA1

    41ad31e38cade379076b7a999038ebbeeaad9673

  • SHA256

    73cd5267e883a8ebcbb8897ff9a814708ab1964f8de7f3d57c540f6b19ca5244

  • SHA512

    db6c2c31c268b977a55ad1db7e3060f7337265bd25b01ccb5ae6c57a2c63a5dcac63043c0827278da84d492ec42975b40723c03728199d18ececc8813b88ebc5

  • SSDEEP

    384:rqIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlEZQVb3fnVvj9hpLR:uIsF81fG9QveLOYTe5YiyZQ3fp

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2