General
- Target: e25a530a619d80f47c07859ffb30c461_JaffaCakes118
- Size: 825KB
- Sample: 241211-t734eavrdj
- MD5: e25a530a619d80f47c07859ffb30c461
- SHA1: 6c4e028a9af10aeef790afb754e192ff4973d9a3
- SHA256: 7508eac8f92a60b84e761d6cb54a6f6c64e8a026c10f96ee9e7165bc1b3f5381
- SHA512: 51bcdbf9ffc6533e450de5147e4d0ae237121bc48b40f0a4be10b54e9c8ff63b84d3fb18a52e55b6a7a143f988265be67bf00586e3b2747b75ef8073c4f58c83
- SSDEEP: 24576:2AojG2m6TtySYXU9/UwlPGhnxy4i9XCWsu5agFya3TphZo:A/PtySL9/UwluhnhuyWZagdTPZo
- Static task: static1
- Behavioral task: behavioral1
- Sample: e25a530a619d80f47c07859ffb30c461_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
- Extracted: xtremerat
- jc9-hacker.no-ip.org
Targets
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Xtremerat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of SetThreadContext