General
-
Target
df38f6bbc4804c2d5d576e13854da3a3_JaffaCakes118
-
Size
876KB
-
Sample
241211-a6akxsskep
-
MD5
df38f6bbc4804c2d5d576e13854da3a3
-
SHA1
86eee7d83fe8be98c253c6e171c603f7c2e9926a
-
SHA256
bc9e39568f3ca72539ef6f7ae688ff80c80e131724732cc04481681a8f4956a4
-
SHA512
b68018620c126ffccd0777738bffd928ff12e0548ec893e55f6767c75c44332baae43856269a5fd3d2da8d85dbe89ca5210ea69f1c687e215767bad7dd204eb2
-
SSDEEP
24576:8F/+K10zqI6fTgzSfkr8JwFwYktbyrtVwz1KR:8f2W3Tz8r8e+6/
Malware Config
Extracted
xtremerat
aissa44.no-ip.biz
Targets
-
-
Target
df38f6bbc4804c2d5d576e13854da3a3_JaffaCakes118
-
Size
876KB
-
MD5
df38f6bbc4804c2d5d576e13854da3a3
-
SHA1
86eee7d83fe8be98c253c6e171c603f7c2e9926a
-
SHA256
bc9e39568f3ca72539ef6f7ae688ff80c80e131724732cc04481681a8f4956a4
-
SHA512
b68018620c126ffccd0777738bffd928ff12e0548ec893e55f6767c75c44332baae43856269a5fd3d2da8d85dbe89ca5210ea69f1c687e215767bad7dd204eb2
-
SSDEEP
24576:8F/+K10zqI6fTgzSfkr8JwFwYktbyrtVwz1KR:8f2W3Tz8r8e+6/
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-