General
Target: 2270904a3d0065599fbf2dc327d00c28_JaffaCakes118
Size: 133KB
Sample: 240703-p5ektaweqd
MD5: 2270904a3d0065599fbf2dc327d00c28
SHA1: c49d9f308071921fb3ad6d88ee9fecef1a678756
SHA256: 43f428ac2e6dd248f019eb8b40bf4207e87075a652a0407516cec118ada0cc39
SHA512: 6864e3b4e353cc710fcdc4185626de3f03edc800022510489d0c5e620d23bde76738b7298413a929b0c8d8bacdb53498e0fa7a97cb8e35dbc81f472615eeb122
SSDEEP: 3072:Vodx7H3MsmT9hVqlTBWkhFRnl3ewQNYcIDwGWmigZ:aM5WBWkPtAdIDpDiu
Static task: static1
Behavioral task: behavioral1
Sample: 2270904a3d0065599fbf2dc327d00c28_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2270904a3d0065599fbf2dc327d00c28_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted family: xtremerat
C2: freshness.dyndns-ip.com
Targets
Target: 2270904a3d0065599fbf2dc327d00c28_JaffaCakes118
Size: 133KB
MD5: 2270904a3d0065599fbf2dc327d00c28
SHA1: c49d9f308071921fb3ad6d88ee9fecef1a678756
SHA256: 43f428ac2e6dd248f019eb8b40bf4207e87075a652a0407516cec118ada0cc39
SHA512: 6864e3b4e353cc710fcdc4185626de3f03edc800022510489d0c5e620d23bde76738b7298413a929b0c8d8bacdb53498e0fa7a97cb8e35dbc81f472615eeb122
SSDEEP: 3072:Vodx7H3MsmT9hVqlTBWkhFRnl3ewQNYcIDwGWmigZ:aM5WBWkPtAdIDpDiu
Score: 10/10
Signatures:
Detect XtremeRAT payload
XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Suspicious use of SetThreadContext