General
Target: JaffaCakes118_e3a80c6369ba9577bcff2d009d71cb32
Size: 260KB
Sample: 250211-hm6g9ayqgj
MD5: e3a80c6369ba9577bcff2d009d71cb32
SHA1: 0af15d482403c0783051804a1344bffadf981e2b
SHA256: e46911584344ce1bacc7da13d6d0961ea26b23711bbf711b92c68ca19ae9d22d
SHA512: 0f39bc60be872a6cc94573b433d37ac59f7afadf3281aaca6cc15452b69914af77f223da13a2a8424d4db7d6752e35d652ca6ec9d35eaf39535ecede7b8778eb
SSDEEP: 1536:/DWY2LVp5mH+V77dC/nLpMbt41HP4nLNTBjO/4jExtKeJr5Fwna:aY2xis7dC/LpKOGxkwYSsrona

Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_e3a80c6369ba9577bcff2d009d71cb32.exe
Resource: win7-20241010-en

Malware Config
Extracted
Family: xtremerat
C2 host: ayada.dyndns.biz

Targets
Target: JaffaCakes118_e3a80c6369ba9577bcff2d009d71cb32 (260KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key under the Active Setup Installed Components of the local machine; the command stored in that key's StubPath value is executed once for each user when they log on.
- Downloads MZ/PE file
- Suspicious use of SetThreadContext: SetThreadContext called on another process's thread is the step in process hollowing that redirects a suspended child's execution to injected code, which is why sandboxes flag it.
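Triage check for the Active Setup persistence signature above, as an added example that is not part of this report or of the sandbox's own detection logic: it parses a constructed .reg-style export of HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and flags every StubPath whose program lives outside the Windows or Program Files trees. The sample export, the trusted-prefix list and the third component GUID and path are assumptions made for the example; the first two entries are modeled on stock Windows components.

```python
r"""Flag Active Setup StubPath entries that launch from user-writable paths.

Added example, not part of the sandbox report. Windows walks
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components at every user logon
and runs a component's StubPath command when the HKCU copy of that component
key is missing or carries a lower Version, so a new key here executes once per
user. The .reg export below is constructed for this example.
"""
import re

# Locations a stock Active Setup stub is expected to live in (assumption:
# anything outside these trees is worth a second look).
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "%systemroot%\\",
    "%windir%\\",
    "%programfiles%\\",
)

# Constructed sample export. The first two components are modeled on stock
# Windows entries; the third GUID and its path are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"StubPath"="%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\update\\svchost.exe"
"Version"="9,9,9,9"
'''

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
# "Name"="data" with .reg escaping (a backslash escapes backslash and quote)
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$')


def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for REG_SZ values."""
    keys = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            keys[current][name] = re.sub(r"\\(.)", r"\1", raw)
    return keys


def stub_executable(stub_path):
    """Program part of a StubPath command line: the quoted token if present,
    else the first whitespace-delimited token (unquoted paths containing
    spaces are an accepted limitation of this example)."""
    s = stub_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split()[0] if s else ""


def is_trusted_location(exe_path):
    """True when the program sits under one of the trusted trees."""
    return exe_path.lower().startswith(TRUSTED_PREFIXES)


def suspicious_active_setup(reg_text):
    """(component_guid, program) for every Installed Components stub whose
    program is outside the trusted trees."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        if "\\active setup\\installed components\\" not in key.lower():
            continue
        stub = values.get("StubPath")
        if not stub:
            continue
        exe = stub_executable(stub)
        if not is_trusted_location(exe):
            findings.append((key.rsplit("\\", 1)[-1], exe))
    return findings


if __name__ == "__main__":
    for guid, exe in suspicious_active_setup(SAMPLE_REG):
        print(f"suspicious Active Setup stub {guid}: {exe}")
```

On a live host the same logic applies to a `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"` dump; a finding should be compared against the per-user copy under HKCU, since a component that is already recorded there with the same Version will not run again for that user.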
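The SetThreadContext signature above, as an added example that is not taken from this report or from any sandbox's rule set: a correlation over a constructed API trace that reports a SetThreadContext call only when it sits inside the full hollowing sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that child, SetThreadContext on its primary thread, ResumeThread). The trace records, handle values and field names are assumptions made for the example.

```python
"""Correlate a SetThreadContext call with the rest of the process-hollowing sequence.

Added example, not part of the sandbox report or of any sandbox's rule set.
A lone SetThreadContext is ambiguous (debuggers and some runtimes use it), so
the check below fires only when the same caller creates a process suspended,
writes into it, rewrites its primary thread's context and then resumes it.
The trace format is constructed for this example.
"""
CREATE_SUSPENDED = 0x00000004

# Constructed API trace: (caller_pid, api, arguments, return value).
# pid 1234 performs RunPE-style hollowing of a suspended svchost.exe;
# pid 9999 calls SetThreadContext on a thread it created itself (benign here).
SAMPLE_TRACE = [
    (1234, "CreateProcessW",
     {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
      "dwCreationFlags": CREATE_SUSPENDED},
     {"dwProcessId": 5678, "hProcess": 0x1A0, "hThread": 0x1A4}),
    (1234, "NtUnmapViewOfSection", {"ProcessHandle": 0x1A0, "BaseAddress": 0x400000}, 0),
    (1234, "VirtualAllocEx",
     {"hProcess": 0x1A0, "lpAddress": 0x400000, "dwSize": 0x3F000, "flProtect": 0x40}, 0x400000),
    (1234, "WriteProcessMemory", {"hProcess": 0x1A0, "lpBaseAddress": 0x400000, "nSize": 0x400}, 1),
    (1234, "WriteProcessMemory", {"hProcess": 0x1A0, "lpBaseAddress": 0x401000, "nSize": 0x3E000}, 1),
    # x86 hollowing writes the injected image's entry point into Eax
    (1234, "SetThreadContext", {"hThread": 0x1A4, "Eax": 0x40A2C0}, 1),
    (1234, "ResumeThread", {"hThread": 0x1A4}, 0),
    (9999, "CreateThread", {"lpStartAddress": 0x7FF600001000}, 0x2B0),
    (9999, "SetThreadContext", {"hThread": 0x2B0, "Dr0": 0x7FF600002000}, 1),
]


def find_hollowing(trace):
    """Return one finding per suspended child that the creating process wrote
    into, re-pointed via SetThreadContext, and then resumed."""
    children = {}        # (caller_pid, hProcess) -> state of that child
    thread_owner = {}    # (caller_pid, hThread)  -> key into children
    findings = []
    for pid, api, args, ret in trace:
        if api in ("CreateProcessA", "CreateProcessW") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            key = (pid, ret["hProcess"])
            children[key] = {
                "caller_pid": pid,
                "child_pid": ret["dwProcessId"],
                "image": args.get("lpApplicationName"),
                "bytes_written": 0,
                "unmapped": False,
                "context_set": False,
            }
            thread_owner[(pid, ret["hThread"])] = key
        elif api == "NtUnmapViewOfSection":
            st = children.get((pid, args.get("ProcessHandle")))
            if st:
                st["unmapped"] = True
        elif api == "WriteProcessMemory":
            st = children.get((pid, args.get("hProcess")))
            if st:
                st["bytes_written"] += args.get("nSize", 0)
        elif api == "SetThreadContext":
            key = thread_owner.get((pid, args.get("hThread")))
            if key:
                children[key]["context_set"] = True
        elif api == "ResumeThread":
            key = thread_owner.get((pid, args.get("hThread")))
            if key:
                st = children.pop(key)
                del thread_owner[(pid, args.get("hThread"))]
                # report only the complete sequence, not a bare resume
                if st["bytes_written"] and st["context_set"]:
                    findings.append(st)
    return findings


if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"pid {f['caller_pid']} hollowed pid {f['child_pid']} ({f['image']}): "
              f"{f['bytes_written']:#x} bytes written, unmapped={f['unmapped']}")
```

NtUnmapViewOfSection is recorded but not required for a finding: newer loaders skip the unmap and simply allocate the injected image at a different base, so keying the alert on the write plus the context rewrite catches both variants.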