General
-
Target
JaffaCakes118_2db639bef2300483e4b2e09fd9b5e6f4
-
Size
119KB
-
Sample
250125-vehsfatlbk
-
MD5
2db639bef2300483e4b2e09fd9b5e6f4
-
SHA1
07b2577b622d27ba144bc900b6252885fca3190d
-
SHA256
a04907637a28f64922000f7d00661815713ebaf1a9c0bff2c7171c6597e8953c
-
SHA512
2c513cb2b11bbbb38d15bfd9b27d21d39e821e55070ac7600ae56b6d904014ab7723c8bc1a2e8554a5242f8f0e375492c98ffe3d3218a97a5056df5ca53fe213
-
SSDEEP
3072:n+NGq8ji8Dw0wBoH7/E4n7Md+723AZxeG:nchdBob/EMQdZqv
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_2db639bef2300483e4b2e09fd9b5e6f4.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
JaffaCakes118_2db639bef2300483e4b2e09fd9b5e6f4
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Xtremerat family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-