Extracted

• • Target

    JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca

  • Size

    4.2MB

  • MD5

    322bf28a650ec5e79f2cb95cbcf408ca

  • SHA1

    4a9701ad3d0c2a8490aeb9492d048be802531169

  • SHA256

    1bb6741552bbf2b53356efb52972f7553eef5715bc5991d95341825df413bc91

  • SHA512

    4e27a345b2523391e6dcc7ca080b799aea8c42cfedbfd2317db43a887f26e6a7e35dbef60a90071d2ff5ed72fa1a3bc8feea9017786d600d1e25edf83187387c

  • SSDEEP

    98304:uFDx9x4c8hIQ4ziSqKW/B0qOnCe4fPtAZkLl+n2:Axkc8mQ429KWJ0qaK3tAZzn2

  Score

  10^/10

  xtremeratdiscoverypersistenceratspyware

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2