General
Target: 249465d1606903a36d425b536e1c6820_JaffaCakes118
Size: 236KB
Sample: 240704-ep4jwstdrj
MD5: 249465d1606903a36d425b536e1c6820
SHA1: 87d2ce49be0b62df606f4796533da6da2611e233
SHA256: 0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967
SHA512: 874d0a59bb2ee2a48d8fba14f57dbf9cb4a34d1266a715b5bc81287b08912d7c9d8e0fb90f3052d6902012f6b0f43959e5f087242029693fd85c3e7827a05e0e
SSDEEP: 6144:3mhEHu+ufcxIrsbM9LKT0H1VVI/F7ZJJ5RIBXwVxlZHT:dHutjrsbQ6CVeLswDlB
Static task: static1
Behavioral task: behavioral1
Sample: 249465d1606903a36d425b536e1c6820_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 249465d1606903a36d425b536e1c6820_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: xtremerat
C2: dzxdz.no-ip.info
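The extracted configuration gives two things worth matching against telemetry: the sample's hashes and the XtremeRAT C2 host. The script below is an added example (not part of the report or of any sandbox tooling) that checks a byte buffer against the report's hashes and scans DNS log lines for lookups of the C2 host. The log format (`<timestamp> <client-ip> <qname>`) and the log lines themselves are constructed for the example. Note the caveat in the domain matcher: `dzxdz.no-ip.info` lives under a public dynamic-DNS provider, so a naive substring match on `no-ip.info` would flag every No-IP customer, and a substring match on `dzxdz.no-ip.info` would also flag look-alike hosts such as `xdzxdz.no-ip.info`; the matcher therefore compares whole labels.

```python
import hashlib
import re

# Indicators taken from the report above (sample hashes and the extracted
# XtremeRAT C2 host).
IOC_HASHES = {
    "md5": "249465d1606903a36d425b536e1c6820",
    "sha1": "87d2ce49be0b62df606f4796533da6da2611e233",
    "sha256": "0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967",
}
C2_DOMAIN = "dzxdz.no-ip.info"


def hash_matches(data: bytes) -> set:
    """Return the names of the report hashes that `data` matches (empty if none)."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name for name, value in digests.items() if IOC_HASHES[name] == value}


def is_c2_host(qname: str, c2: str = C2_DOMAIN) -> bool:
    """True for the C2 host itself or any label beneath it.

    The dynamic-DNS provider's apex (no-ip.info) and look-alikes such as
    xdzxdz.no-ip.info must not match, so whole labels are compared rather
    than substrings. Case and a trailing dot (FQDN form) are normalised.
    """
    q = qname.strip().lower().rstrip(".")
    return q == c2 or q.endswith("." + c2)


# Constructed DNS log format for this example: "<timestamp> <client-ip> <qname>".
DNS_LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def c2_hits(lines):
    """Scan log lines and return (timestamp, client, qname) for each C2 lookup.
    Lines that do not fit the expected format are skipped, not treated as hits."""
    hits = []
    for line in lines:
        m = DNS_LINE_RE.match(line.strip())
        if m and is_c2_host(m["qname"]):
            hits.append((m["ts"], m["client"], m["qname"].lower().rstrip(".")))
    return hits


# Constructed sample log lines; only the first and last should fire.
SAMPLE_DNS_LOG = [
    "2024-07-04T10:01:02Z 10.0.0.15 DZXDZ.no-ip.info.",
    "2024-07-04T10:01:03Z 10.0.0.15 no-ip.info",
    "2024-07-04T10:01:04Z 10.0.0.22 xdzxdz.no-ip.info",
    "malformed line",
    "2024-07-04T10:02:00Z 10.0.0.15 api.dzxdz.no-ip.info",
]


if __name__ == "__main__":
    for hit in c2_hits(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
    # A dummy buffer, constructed here, matches none of the report hashes.
    print("hash matches for dummy buffer:", hash_matches(b"MZ not the sample"))
```

To check a file on disk, read it in binary mode and pass the bytes to `hash_matches`; the SSDEEP value in the report is a fuzzy hash and needs a separate comparison (for example with the `ssdeep` Python binding), since it is not a simple equality check.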
Targets
Target: 249465d1606903a36d425b536e1c6820_JaffaCakes118
Size: 236KB
MD5: 249465d1606903a36d425b536e1c6820
SHA1: 87d2ce49be0b62df606f4796533da6da2611e233
SHA256: 0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967
SHA512: 874d0a59bb2ee2a48d8fba14f57dbf9cb4a34d1266a715b5bc81287b08912d7c9d8e0fb90f3052d6902012f6b0f43959e5f087242029693fd85c3e7827a05e0e
SSDEEP: 6144:3mhEHu+ufcxIrsbM9LKT0H1VVI/F7ZJJ5RIBXwVxlZHT:dHutjrsbQ6CVeLswDlB
Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a subkey with a StubPath value under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components on the local machine; Windows runs that command once for each user at their next logon (MITRE ATT&CK T1547.014).
- Molebox Virtualization software: Detects a file packed with Molebox virtualization software.
- Adds Run key to start application
- Drops file in System32 directory
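The last three signatures (Active Setup persistence, a Run key, and a file dropped into System32) describe where to look on a suspect host. The script below is an added example, not part of the report or of any sandbox tooling, that parses a `reg.exe`-style export of the autostart keys, extracts the Active Setup StubPath commands and Run/RunOnce values, and flags any whose program is not on a known-good baseline, noting when the program lives under System32. It works on an exported `.reg` file rather than the live registry so it runs on an analysis box; on the host, produce the export with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg` (and likewise for the Run keys). The registry export, the GUIDs, the value names, the path `C:\Windows\System32\winupd.exe` and the baseline allowlist are all constructed for this example and are not indicators from the report.

```python
import re

# Constructed registry export in reg.exe "export" syntax. Everything here is
# hypothetical: two entries are benign, two point at the same dropped binary.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-1111-2222-3333-444444444444}]
"StubPath"="C:\\Windows\\System32\\regsvr32.exe /s /n /i:U shell32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0A1B2C3D-4E5F-6071-8293-A4B5C6D7E8F9}]
"StubPath"="C:\\Windows\\System32\\winupd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Windows\\System32\\winupd.exe"
"""

# Constructed allowlist of autostart programs known-good on this host
# (lower-cased full paths).
BASELINE = {
    r"c:\windows\system32\regsvr32.exe",
    r"c:\users\alice\appdata\local\microsoft\onedrive\onedrive.exe",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Matched case-insensitively, so Wow6432Node paths are covered as well.
ACTIVE_SETUP = "\\microsoft\\active setup\\installed components\\"
RUN_KEYS = ("\\microsoft\\windows\\currentversion\\run",
            "\\microsoft\\windows\\currentversion\\runonce")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_reg_export(text):
    """Minimal .reg parser: returns (key, value_name, data) for REG_SZ values.
    Undoes reg.exe's escaping of quotes and backslashes; other types are skipped."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = m["data"].replace('\\"', '"').replace("\\\\", "\\")
            entries.append((key, m["name"], data))
    return entries


def autostart_entries(entries):
    """Keep only Active Setup StubPath values and Run/RunOnce values."""
    out = []
    for key, name, data in entries:
        k = key.lower()
        if ACTIVE_SETUP in k and name.lower() == "stubpath":
            out.append(("active_setup", key, name, data))
        elif any(k.endswith(r) for r in RUN_KEYS):
            out.append(("run", key, name, data))
    return out


def executable_of(command):
    """Program path from a command line: the quoted token if it starts with
    a quote, otherwise everything before the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious(entries, baseline):
    """Flag autostart entries whose program is not in the baseline, recording
    whether it lives under System32 (the report's 'Drops file in System32')."""
    flagged = []
    for loc, key, name, data in autostart_entries(entries):
        exe = executable_of(data).lower()
        if exe in baseline:
            continue
        flagged.append({"location": loc, "key": key, "value": name,
                        "program": exe, "in_system32": exe.startswith(SYSTEM32)})
    return flagged


if __name__ == "__main__":
    for f in suspicious(parse_reg_export(SAMPLE_REG), BASELINE):
        print(f"[{f['location']}] {f['key']}\\{f['value']} -> {f['program']}"
              f"{' (System32)' if f['in_system32'] else ''}")
```

A baseline built from a clean image of the same Windows build keeps the noise down; Active Setup legitimately contains many Microsoft GUID subkeys, and a Run value pointing at a freshly created executable in System32 is the combination the report's signatures describe.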