General
-
Target
229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118
-
Size
232KB
-
Sample
240703-rdkc4a1eqc
-
MD5
229efe77ea6d66a60aefb8e95cd5a9ac
-
SHA1
36b00f8d6454bf3eb9eb29d71e405e6ebf233cce
-
SHA256
c8285e82e00afb79b82f2fde9527f047df72d75487676676a8b8fbcb0a35747c
-
SHA512
8b9baf5b2ef4d504eb2c90e668c91b18ca0e592a15e1143194c048ace4cf9fd66f44044a533e70db167e6b8888f1ddc3ffc5582c520eec745672ea70889d2026
-
SSDEEP
3072:++i1hgLbuclIga+0+1CmNNMV5nk6cwxpRInphz5NMJiLM05tznIkwok1nlFY9++4:++5rlIinfMVPcwvGzjMILRzjwbleXI
Static task
static1
Behavioral task
behavioral1
Sample
229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-