General
-
Target
df2f1bb69ba0fd2b3e803dd867167121_JaffaCakes118
-
Size
198KB
-
Sample
241211-aze7ts1rbl
-
MD5
df2f1bb69ba0fd2b3e803dd867167121
-
SHA1
05bcb05a04a1c9f12bab7ec1d3fa948818382984
-
SHA256
84235fbb878ec80263caddba89619cc7349f1b479bf6c5f49d35e37f9b49f1a1
-
SHA512
292e1b58c03e775a3d1fc87dee7fb68d352015c591b03e34fe082e9c8304f2acbdd9d3e02d33bfbd6a741afabba506c96d9f9008668f679659477fb3ebdd1dd0
-
SSDEEP
6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1ztm/E:ZKfKFW1K3DnsfRJ9
Static task
static1
Behavioral task
behavioral1
Sample
df2f1bb69ba0fd2b3e803dd867167121_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
franco1.no-ip.org
Targets
-
-
Target
df2f1bb69ba0fd2b3e803dd867167121_JaffaCakes118
-
Size
198KB
-
MD5
df2f1bb69ba0fd2b3e803dd867167121
-
SHA1
05bcb05a04a1c9f12bab7ec1d3fa948818382984
-
SHA256
84235fbb878ec80263caddba89619cc7349f1b479bf6c5f49d35e37f9b49f1a1
-
SHA512
292e1b58c03e775a3d1fc87dee7fb68d352015c591b03e34fe082e9c8304f2acbdd9d3e02d33bfbd6a741afabba506c96d9f9008668f679659477fb3ebdd1dd0
-
SSDEEP
6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1ztm/E:ZKfKFW1K3DnsfRJ9
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-