General
- Target: JaffaCakes118_a79476d5858ad853bdc29614261fb19f
- Size: 170KB
- Sample: 250206-frav2awkbq
- MD5: a79476d5858ad853bdc29614261fb19f
- SHA1: f667e64ec8af2bae6dd5309bc31cc991fc9c1f9a
- SHA256: 14b0127bb7f2f4054b43af380118b2e6cf5c50ff256f755a843fa62eb0eff0aa
- SHA512: 9cdbe52289a75b79ac785e7e0c1666d9a760b29cf28a7103ebe00379bb54c4743afd6aaf6118da1236006b61a0b4d97197e67b60ed9b56fb94324ca28932c148
- SSDEEP: 3072:zKEKmrDUskUVIKkAX/0L0rZmm1sJmvxHfi/R1+aJe1mgawzxsBub861jIHxownLj:zKE5IIL7JnYRUTV5nLrQLulIGsZ
- Static task: static1
- Behavioral task: behavioral1
- Sample: JaffaCakes118_a79476d5858ad853bdc29614261fb19f.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: JaffaCakes118_a79476d5858ad853bdc29614261fb19f
- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops file in System32 directory
- Suspicious use of SetThreadContext