General
-
Target
JaffaCakes118_00a426b5589205ba2f1bc448f2cb733f
-
Size
95KB
-
Sample
250120-3g11ssvlhq
-
MD5
00a426b5589205ba2f1bc448f2cb733f
-
SHA1
96976ed4cddffe96fbb2b00f82dc58ffb65e430f
-
SHA256
671f16e9cfa413dd1c989e97eafb228d981d5ba0b59b9e7cb775b38d6df80e23
-
SHA512
b9eec4e38149d3657bbe814cc6d48fa3f2da144577ee095ef0ac39fae54f46a371a7a314e7eae3f8a477a15a3b476f4a8163ce1fa7fed2264e9e5c1956b91c2c
-
SSDEEP
1536:nF2gO8Wg//I18VO37gCaj/J1h0UMKbu3wvc01dWkZBsAPoe+Es:ogO8Ng8VvnvqwfkAgJEs
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_00a426b5589205ba2f1bc448f2cb733f.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
black100.no-ip.biz
cantstop.no-ip.biz
Targets
-
Target
JaffaCakes118_00a426b5589205ba2f1bc448f2cb733f
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-