General
-
Target
d9a7217dc9e564ec15aa4493f59eb421_JaffaCakes118
-
Size
108KB
-
Sample
241209-ps5lgasldk
-
MD5
d9a7217dc9e564ec15aa4493f59eb421
-
SHA1
dc1df3091604963da901166c9fef3d38aadc355d
-
SHA256
3c13016cf0957a91fe2040db0658d3216c1221ccb60567d529230b6df7bd4834
-
SHA512
ca43221a8164e44ade213dda463314f3d8420197c1f65a414b9ef3e4d208a555357c194b86391de6a2a9835f5068c1ac3ec7d03b53a2046ba4d0c5a24881524c
-
SSDEEP
3072:jqdudwV4GeIuGnjHACtBIMAAPtix/XqecJ/36:WdudW4GeIVLACtBuJwZ36
Static task
static1
Behavioral task
behavioral1
Sample
d9a7217dc9e564ec15aa4493f59eb421_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
black100.no-ip.biz
cantstop.no-ip.biz
Targets
-
-
Target
d9a7217dc9e564ec15aa4493f59eb421_JaffaCakes118
-
Size
108KB
-
MD5
d9a7217dc9e564ec15aa4493f59eb421
-
SHA1
dc1df3091604963da901166c9fef3d38aadc355d
-
SHA256
3c13016cf0957a91fe2040db0658d3216c1221ccb60567d529230b6df7bd4834
-
SHA512
ca43221a8164e44ade213dda463314f3d8420197c1f65a414b9ef3e4d208a555357c194b86391de6a2a9835f5068c1ac3ec7d03b53a2046ba4d0c5a24881524c
-
SSDEEP
3072:jqdudwV4GeIuGnjHACtBIMAAPtix/XqecJ/36:WdudW4GeIVLACtBuJwZ36
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-