Extracted

• • Target

    JaffaCakes118_836deb007747bc0637181689aed528e4

  • Size

    52KB

  • MD5

    836deb007747bc0637181689aed528e4

  • SHA1

    4f4d29fd4067e53c86128d4b2d922074e7b94843

  • SHA256

    051735babb059ece0a0508d997ee23c4dda6a84520b1f871ecec340311f1750e

  • SHA512

    7cad894dbc064b5a876dcc90df4a9a3a4de072c26fb788100119f8d4ad2b5a3047a4da728deb5920fb89448756a09f2e1d2e1409b37fb391f05f0bea47e7cb25

  • SSDEEP

    1536:iNW71rcYDAWeotvXl7g+bowgM7VHlaFqo:iNW7dEvotvXxg+Fg6VFaF

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2