General
Target: cfaf2f9f41187d2c3bde26abd44943ed_JaffaCakes118
Size: 71KB
Sample: 241206-31raps1kem
MD5: cfaf2f9f41187d2c3bde26abd44943ed
SHA1: 0adf4ec0d322e9c4276c87e8e6a08cf41da60d54
SHA256: 53650090b9038f83f9d9cb64768876abf59f6c0ad22fbb97050644ef09841a7a
SHA512: a6ce8955690870b4fe85a2bf78085e2a97f17a834b83f46fc6ae29c51bdfc5417058b60400e93c7b3c05fc4e1511c73424a8c9d3b668f8e56a19f42a9721e962
SSDEEP: 1536:ObtbI4ZmN264cDWrZ9q5npFy5k1ufvrMK9SCgCnOV35:ObV4WrZIlKkAfvrMKthIp
Static task: static1
Behavioral task: behavioral1
Sample: cfaf2f9f41187d2c3bde26abd44943ed_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: xtremerat
Create: sebirkan99.no-ip.biz
Targets
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext