General

  • Target

    JaffaCakes118_0fc475e87328a89b3b211090ecc167bd

  • Size

    78KB

  • Sample

    250221-db43ts1ngk

  • MD5

    0fc475e87328a89b3b211090ecc167bd

  • SHA1

    d8873a8674166102dde6706c407319e2028587c5

  • SHA256

    2b8a97fa8f1ce10cef73209278209aa9b809a709bc9c10f374be5ffd461201d4

  • SHA512

    38fc87b4a669a544373c58e49ff3117a1c338a6fecab231f951dd35c3249d5cfa9b48e5bb8539773d42392cadb79c6fcc1b0c8606a02cdd7c8fd1f530e175d27

  • SSDEEP

    1536:/tjdd0fJtYCYgrxymA3MTTvLbaxBPRq9vjiiZ5zdVAn8B9:VZkaCY+xG3MXLmb+vdnD

Malware Config

Extracted

Family

xtremerat

C2

lave.no-ip.biz

Targets

    • Target

      JaffaCakes118_0fc475e87328a89b3b211090ecc167bd

    • Size

      78KB

    • MD5

      0fc475e87328a89b3b211090ecc167bd

    • SHA1

      d8873a8674166102dde6706c407319e2028587c5

    • SHA256

      2b8a97fa8f1ce10cef73209278209aa9b809a709bc9c10f374be5ffd461201d4

    • SHA512

      38fc87b4a669a544373c58e49ff3117a1c338a6fecab231f951dd35c3249d5cfa9b48e5bb8539773d42392cadb79c6fcc1b0c8606a02cdd7c8fd1f530e175d27

    • SSDEEP

      1536:/tjdd0fJtYCYgrxymA3MTTvLbaxBPRq9vjiiZ5zdVAn8B9:VZkaCY+xG3MXLmb+vdnD

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks