General
-
Target
c79b5e7ac9336d4b2398fc6d59183e28_JaffaCakes118
-
Size
783KB
-
Sample
241205-n939astmgy
-
MD5
c79b5e7ac9336d4b2398fc6d59183e28
-
SHA1
3578d764f478110a10313e91025e8ac934c96b5f
-
SHA256
383b185ca47e74c648ef824b9158f0a7a58772863ec4292f01d3e55c12218baf
-
SHA512
0acd499658d1404eb34d90e31f5149768d020289fe6dc757488d8a4745896b4d7a93efd43086aca7cf8bc895391ba0db4c7638510b350113ecf08556dd347476
-
SSDEEP
12288:Yo2iE8n9yXz4LSiecUoSkBBjjPOMccUXas2HFGpQdyRTWAz:pb9yhrgHPFccAH2HFC5z
Static task
static1
Behavioral task
behavioral1
Sample
c79b5e7ac9336d4b2398fc6d59183e28_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
nerozhack.ddns.com.br
alonedevil.no-ip.org
gameszero.dyndns.org
Targets
-
-
Target
c79b5e7ac9336d4b2398fc6d59183e28_JaffaCakes118
-
Size
783KB
-
MD5
c79b5e7ac9336d4b2398fc6d59183e28
-
SHA1
3578d764f478110a10313e91025e8ac934c96b5f
-
SHA256
383b185ca47e74c648ef824b9158f0a7a58772863ec4292f01d3e55c12218baf
-
SHA512
0acd499658d1404eb34d90e31f5149768d020289fe6dc757488d8a4745896b4d7a93efd43086aca7cf8bc895391ba0db4c7638510b350113ecf08556dd347476
-
SSDEEP
12288:Yo2iE8n9yXz4LSiecUoSkBBjjPOMccUXas2HFGpQdyRTWAz:pb9yhrgHPFccAH2HFC5z
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Drops file in Drivers directory
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-