General

  • Target

    JaffaCakes118_b5d7ddfab257e6cad5f3bb290f0296b6

  • Size

    52KB

  • Sample

    250207-l4g3rsxldt

  • MD5

    b5d7ddfab257e6cad5f3bb290f0296b6

  • SHA1

    be79ae037eb0ed6e490b608ca445a9e791129ea9

  • SHA256

    13c8e6c4ca53606e7f5fe3e983971e99d509760e6685fc77c1f111fd52ad50e4

  • SHA512

    3b0b5cfa072faccb6623d4444f4e882fe6618ceed560172292ba80b21b85b76d6914375a7028031a56dc048a5263acd55faf9cc64c6346c65a061c39c93d3317

  • SSDEEP

    768:qrRgf5rS7hb/rkUvYIcDlozYcHeImry8UHZbY4UnzG0qhJokOsWT3Fbs:qN65rCPkHlFIqy8UU8YT3K

Malware Config

Extracted

Family

xtremerat

C2

John5698.no-ip.info

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks