General

  • Target

    ee2137ca6fc3ad1710e1ad4fd0419625_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241214-lklxlszkgl

  • MD5

    ee2137ca6fc3ad1710e1ad4fd0419625

  • SHA1

    4f9e275901f9a2d65512a793422c316cd0f74361

  • SHA256

    efff17caa85cf12923caa783477206e90197fabecae18e2f719400207483323d

  • SHA512

    bef89fc269a7ca3a3f731e921a26869f134448323dcc4520ce12908623b85255541744e17614a8c0d937f0b1603f3c351c290e5d027aefaa94199050c4c4f041

  • SSDEEP

    24576:LFE//Tct4bOski47Ersh4TP96Rw9PsbgwRe6aegxiu32exMfAmULP:hSVkv7qsWP96cPQRe6Ru322MImU7

Malware Config

Extracted

Family

xtremerat

C2

godfathergos123.no-ip.biz

Targets

    • Target

      ee2137ca6fc3ad1710e1ad4fd0419625_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks