General
-
Target
bc1eec3b5e375d606c62b50d7b3917d3_JaffaCakes118
-
Size
4.6MB
-
Sample
241203-hb14dstmgv
-
MD5
bc1eec3b5e375d606c62b50d7b3917d3
-
SHA1
9873a78eb7b9a5855347f4a858292b633364604b
-
SHA256
da0277751d8d440b235b95ed2c3403834299a54f88776933c2c19f9c7c6b8051
-
SHA512
76fe2bc45d6de7866778e80c09b63e2b12b3fd37e7a35274bd5fc46de66df7856ccb61dac911ad5c8c795dd4a979aaefa20d3fedb91ac15dceda80c32862b708
-
SSDEEP
98304:YOuJj/v+bBbbxhHzjp8e8+pkE2lNvh1ZzDj5:YOm+FbbvHzjF9pT2zZvzDj5
Malware Config
Targets
-
-
Target
bc1eec3b5e375d606c62b50d7b3917d3_JaffaCakes118
-
Size
4.6MB
-
MD5
bc1eec3b5e375d606c62b50d7b3917d3
-
SHA1
9873a78eb7b9a5855347f4a858292b633364604b
-
SHA256
da0277751d8d440b235b95ed2c3403834299a54f88776933c2c19f9c7c6b8051
-
SHA512
76fe2bc45d6de7866778e80c09b63e2b12b3fd37e7a35274bd5fc46de66df7856ccb61dac911ad5c8c795dd4a979aaefa20d3fedb91ac15dceda80c32862b708
-
SSDEEP
98304:YOuJj/v+bBbbxhHzjp8e8+pkE2lNvh1ZzDj5:YOm+FbbvHzjF9pT2zZvzDj5
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-