General
-
Target
cf47df29e9045c561027be3b2a30fe74_JaffaCakes118
-
Size
456KB
-
Sample
241206-137dlazphz
-
MD5
cf47df29e9045c561027be3b2a30fe74
-
SHA1
687bda6bf9dff3bdf17d59b6c999a810b73ae474
-
SHA256
82ab818a85445a988dc1112048c3ef1cde154d1a394eee13b0ba00bf208161ee
-
SHA512
9741b25b498e96f56caa46a7c7a645b59713266ba1d232227b0ce33f664f1c2bc709dcc76c21434be074e4739db80be87cdb7a03d863ee5d7feba1d7a1e71b8b
-
SSDEEP
3072:2YqZZPztvLI1lytnUpOnYLKSFdUieiZQwMIJN/fAw65XVS11I2VTn2d5ipflH4FM:2YqypOYTTeiQwMN95xI2eZ46r11B69
Static task
static1
Behavioral task
behavioral1
Sample
cf47df29e9045c561027be3b2a30fe74_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
xtremerat
matthieu.no-ip.biz
Targets
-
-
Target
cf47df29e9045c561027be3b2a30fe74_JaffaCakes118
-
Size
456KB
-
MD5
cf47df29e9045c561027be3b2a30fe74
-
SHA1
687bda6bf9dff3bdf17d59b6c999a810b73ae474
-
SHA256
82ab818a85445a988dc1112048c3ef1cde154d1a394eee13b0ba00bf208161ee
-
SHA512
9741b25b498e96f56caa46a7c7a645b59713266ba1d232227b0ce33f664f1c2bc709dcc76c21434be074e4739db80be87cdb7a03d863ee5d7feba1d7a1e71b8b
-
SSDEEP
3072:2YqZZPztvLI1lytnUpOnYLKSFdUieiZQwMIJN/fAw65XVS11I2VTn2d5ipflH4FM:2YqypOYTTeiQwMN95xI2eZ46r11B69
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-