General
-
Target
e75adde386505df699c22e87cc73e105_JaffaCakes118
-
Size
52KB
-
Sample
241212-vd8x8ssmhj
-
MD5
e75adde386505df699c22e87cc73e105
-
SHA1
4bcc42b49f3796acd5e3ba1e848c115adda2f9c3
-
SHA256
a7626bffd9e9cb6c9e8be8081dee3ef9ed4178de7335a9285d748594ea2b306a
-
SHA512
3118d25d4670c30d671e09a73b422539b50e7022f9f9044c343fff4a2dc66446871bfbcd35144d61eca7ead21dd2142a559664da69dd34578843ef3f3c03c32e
-
SSDEEP
768:/JMuijtHf5g7/IIG3bGcYDBSvFIWuePQDGEsgQhiQAqrElEdETkTWOf20:/CNW71rcYDAWeoDrsxiQxeL0
Static task
static1
Behavioral task
behavioral1
Sample
e75adde386505df699c22e87cc73e105_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
e75adde386505df699c22e87cc73e105_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xtremerat
ㆼjoker01.zapto.org
Targets
-
-
Target
e75adde386505df699c22e87cc73e105_JaffaCakes118
-
Size
52KB
-
MD5
e75adde386505df699c22e87cc73e105
-
SHA1
4bcc42b49f3796acd5e3ba1e848c115adda2f9c3
-
SHA256
a7626bffd9e9cb6c9e8be8081dee3ef9ed4178de7335a9285d748594ea2b306a
-
SHA512
3118d25d4670c30d671e09a73b422539b50e7022f9f9044c343fff4a2dc66446871bfbcd35144d61eca7ead21dd2142a559664da69dd34578843ef3f3c03c32e
-
SSDEEP
768:/JMuijtHf5g7/IIG3bGcYDBSvFIWuePQDGEsgQhiQAqrElEdETkTWOf20:/CNW71rcYDAWeoDrsxiQxeL0
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-