General
-
Target
JaffaCakes118_22b577f297a90740d0645c9ac0abe0ac
-
Size
636KB
-
Sample
250124-sl63hawlfq
-
MD5
22b577f297a90740d0645c9ac0abe0ac
-
SHA1
ff3f2d29a257e48c9f889a4b6b2f71fc65441f32
-
SHA256
2e3bee4f7e334e2da0cf399c8e6bbcfded717c8613d9fa39ebbe0b752fc53b59
-
SHA512
78651591a094a2310275da8b9d99490ddef746c8fee5d36a7b70020dbe9b6c9413a95f611daa59a3aa64c71b258f2268ae84ac535701c9e18756d5037c7d28d3
-
SSDEEP
12288:Vo7YNQyRLPxez8dFlZqBFgNhza28pYnz1WZXNpby4d8S29OqW90rajSmfB:WwQy+z+8PtZYz1WP8SWOqWGIpB
Malware Config
Extracted
xtremerat
furky37.dyndns.org
Targets
-
-
Target
JaffaCakes118_22b577f297a90740d0645c9ac0abe0ac
-
Size
636KB
-
MD5
22b577f297a90740d0645c9ac0abe0ac
-
SHA1
ff3f2d29a257e48c9f889a4b6b2f71fc65441f32
-
SHA256
2e3bee4f7e334e2da0cf399c8e6bbcfded717c8613d9fa39ebbe0b752fc53b59
-
SHA512
78651591a094a2310275da8b9d99490ddef746c8fee5d36a7b70020dbe9b6c9413a95f611daa59a3aa64c71b258f2268ae84ac535701c9e18756d5037c7d28d3
-
SSDEEP
12288:Vo7YNQyRLPxez8dFlZqBFgNhza28pYnz1WZXNpby4d8S29OqW90rajSmfB:WwQy+z+8PtZYz1WP8SWOqWGIpB
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-