General
Target: 22c34bd99e6387703282b99cc5aef0ee_JaffaCakes118
Size: 400KB
Sample: 240703-scmbqsveqn
MD5: 22c34bd99e6387703282b99cc5aef0ee
SHA1: 7ef04b64fa6c496ae4692509775cd4401811c8fb
SHA256: 0557e2c6baa98917191ab5786df6d1cb958015657a2a7a9378f48a3d3497cbc4
SHA512: d32f8847dec90d8ae495e8fd1a9500c11fe85e01cc4d543e810cf5135ec3c14d583353819ed0de79e710103b2591cafff623a91a73efc0b11a3623a1f4700fc8
SSDEEP: 6144:nbqO0+5X2H/8ffGSQnCPL5Q0OIPV5kb/7zHSkepp/0Ju2EVyC4KAXfhyf6nd:bk+G/qexCj57pPQ/7ipiJu2F8f6nd
Static task: static1
Behavioral task: behavioral1
Sample: 22c34bd99e6387703282b99cc5aef0ee_JaffaCakes118.exe
Resource: win7-20240508-en (Windows 7 image)
Behavioral task: behavioral2
Sample: 22c34bd99e6387703282b99cc5aef0ee_JaffaCakes118.exe
Resource: win10v2004-20240508-en (Windows 10 version 2004 image)
Malware Config
Extracted family: xtremerat
C2 host (from the sample's embedded configuration): abogaism1.zapto.org
The host sits under zapto.org, a No-IP dynamic DNS domain, so the IP it resolves to can change at any time; block and hunt on the hostname rather than on a single resolved address.
Targets
Target: 22c34bd99e6387703282b99cc5aef0ee_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10

Detect XtremeRAT payload
XtremeRAT is a remote access trojan written in Delphi; it was developed by xtremecoder and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a registry key to the Active Setup of the local machine. Each component under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components (or its Wow6432Node view) carries a StubPath command that Windows runs at logon for every user whose HKCU copy of that component is missing or has a lower Version, so the entry fires once per user, including accounts created later.

Adds Run key to start application
A value under a Run key (Software\Microsoft\Windows\CurrentVersion\Run in HKCU or HKLM) launches the stored command at every logon of that user (HKCU) or of any user (HKLM).

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state, including its instruction pointer. Calling it on a thread of another process is the last step of process hollowing: a legitimate process is started suspended, its image is replaced with the payload, the primary thread's entry point is redirected with SetThreadContext, and the thread is resumed. The signature flags the API pattern only; the report does not state which process was targeted.
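The two persistence signatures above (an Active Setup StubPath and a Run-key value) can be hunted offline in a registry export. The following Python script is an added example written for this page, not code from the sandbox report or from XtremeRAT. It parses the text of a `reg export` file, collects StubPath and Run/RunOnce entries, and flags those whose executable lives in a user-writable directory. The .reg text it processes, including the GUIDs, the user name and the file paths, is constructed for the demo and does not describe what this sample actually writes.

```python
"""Hunt Active Setup (StubPath) and Run-key autostarts in a Windows .reg export.

Added example for this page; not code from the sandbox report or from XtremeRAT.
Input is the text of `reg export` output (or a hive converted to that format).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Key patterns behind the two persistence signatures on the report.
ACTIVE_SETUP_RE = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# User-writable locations a legitimate Active Setup stub or autostart rarely launches from.
SUSPICIOUS_DIRS = (
    "\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\",
    "%appdata%", "%localappdata%", "%temp%", "%programdata%", "%public%",
)


@dataclass
class Finding:
    key: str          # registry key the value lives under
    name: str         # value name (StubPath, or the Run value name)
    command: str      # full command line stored in the value
    exe: str          # executable part of that command line
    suspicious: bool  # True when exe lies in a user-writable directory


def _unescape(value: str) -> str:
    """Undo the .reg escaping of quotes and backslashes inside string values."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the REG_SZ values of a .reg export into {key: {value_name: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and "=" in line and line.endswith('"'):
            name_part, _, val_part = line.partition("=")
            if not val_part.startswith('"'):
                continue  # dword:/hex: values are not strings; skip them
            name = "(default)" if name_part == "@" else name_part.strip('"')
            keys[current][name] = _unescape(val_part[1:-1])
    return keys


def exe_from_command(command: str) -> str:
    """Return the executable of a command line, honouring a quoted path."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def find_autostarts(reg_text: str) -> List[Finding]:
    """Collect StubPath and Run/RunOnce entries; flag those launching from user-writable paths."""
    findings: List[Finding] = []
    for key, values in parse_reg(reg_text).items():
        if ACTIVE_SETUP_RE.search(key):
            # Only StubPath is executed; Version/IsInstalled merely control whether it runs.
            candidates = {n: v for n, v in values.items() if n.lower() == "stubpath"}
        elif RUN_KEY_RE.search(key):
            candidates = dict(values)
        else:
            continue
        for name, command in candidates.items():
            exe = exe_from_command(command)
            low = exe.lower()
            findings.append(Finding(key, name, command, exe, any(d in low for d in SUSPICIOUS_DIRS)))
    return findings


# Constructed .reg text for the demo: GUIDs, user name and paths are made up and do
# not describe what the analysed sample actually writes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-4000-8000-000000000001}]
@="Constructed benign component"
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -BaseSettings"
"Version"="11,0,19041,1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-4000-8000-000000000002}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\updater\\svchosts.exe restart"
"IsInstalled"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"updater"="C:\\Users\\victim\\AppData\\Roaming\\updater\\svchosts.exe restart"
'''

if __name__ == "__main__":
    for f in find_autostarts(SAMPLE_REG):
        flag = "SUSPICIOUS" if f.suspicious else "ok        "
        print(f"{flag} {f.name:<10} {f.exe}  [{f.key}]")
```

The path heuristic is deliberately coarse: it surfaces entries to look at, not a verdict. On a live host the same data comes from `reg export HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components` and the two Run keys; on a 64-bit system also export the Wow6432Node view, which the key pattern above already matches.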