General
-
Target
d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118
-
Size
456KB
-
Sample
241207-k568ls1qap
-
MD5
d1aaf9fd2e4767dfe82eb888c4205b1e
-
SHA1
e010adfd5ffd743314e80189a345dcba195ca486
-
SHA256
b0045ea20acb65e758d1b076296a6f88a507085f4c3e868a71e0b841dc9c7fd9
-
SHA512
b057aa0b027956599ae0d9513590f4680b5cff4ad447463f944ec6d4bb141b528b3d318cdf78b49db8f25fddd914af2d8fe4948fdf06e706919a6581eedc017e
-
SSDEEP
3072:Thx1WtfihHHF9ruyAWrmkJIC8xVL9ejFif5dJElWwnt/FlMTpTC1w+5SB7YhIYCI:n8fmw+7hG6w1F
Static task
static1
Behavioral task
behavioral1
Sample
d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xtremerat
crazyguyz.no-ip.org
Targets
-
-
Target
d1aaf9fd2e4767dfe82eb888c4205b1e_JaffaCakes118
-
Size
456KB
-
MD5
d1aaf9fd2e4767dfe82eb888c4205b1e
-
SHA1
e010adfd5ffd743314e80189a345dcba195ca486
-
SHA256
b0045ea20acb65e758d1b076296a6f88a507085f4c3e868a71e0b841dc9c7fd9
-
SHA512
b057aa0b027956599ae0d9513590f4680b5cff4ad447463f944ec6d4bb141b528b3d318cdf78b49db8f25fddd914af2d8fe4948fdf06e706919a6581eedc017e
-
SSDEEP
3072:Thx1WtfihHHF9ruyAWrmkJIC8xVL9ejFif5dJElWwnt/FlMTpTC1w+5SB7YhIYCI:n8fmw+7hG6w1F
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-