General
-
Target
JaffaCakes118_ab6e88b8647b53e85132ae37db0ad5aa
-
Size
276KB
-
Sample
250206-p7phssxmck
-
MD5
ab6e88b8647b53e85132ae37db0ad5aa
-
SHA1
f5ec7db40755c1995d746ffa7caaefe30893dc8e
-
SHA256
01c4e2906f41f9376c1f109e157c0c44edf7ff050bfd611b5bea2d4c10c7c4de
-
SHA512
48552bddcfb0cd3fefe38b290ec2712f2d518963ca330f302e0e5451804a641712f44cdb7a95ab02865dbf84f012996d27f5a1ef6f0059bfcbbabc77a933d021
-
SSDEEP
1536:htHLVp5mH+V77dC/nLpMbt41HP4nLNTBjO/4jExtKeJbQFOn0:htHxis7dC/LpKOGxkwYSsbVn0
Malware Config
Extracted
xtremerat
ayada.dyndns.biz
Targets
-
-
Target
JaffaCakes118_ab6e88b8647b53e85132ae37db0ad5aa
-
Size
276KB
-
MD5
ab6e88b8647b53e85132ae37db0ad5aa
-
SHA1
f5ec7db40755c1995d746ffa7caaefe30893dc8e
-
SHA256
01c4e2906f41f9376c1f109e157c0c44edf7ff050bfd611b5bea2d4c10c7c4de
-
SHA512
48552bddcfb0cd3fefe38b290ec2712f2d518963ca330f302e0e5451804a641712f44cdb7a95ab02865dbf84f012996d27f5a1ef6f0059bfcbbabc77a933d021
-
SSDEEP
1536:htHLVp5mH+V77dC/nLpMbt41HP4nLNTBjO/4jExtKeJbQFOn0:htHxis7dC/LpKOGxkwYSsbVn0
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-