General
  Target: 263f85063badd5832d950a0893d7da5d_JaffaCakes118
  Size: 248KB
  Sample: 240704-z55gcasame
  MD5: 263f85063badd5832d950a0893d7da5d
  SHA1: fcbee243461ab10ae1d8385612e2c914a216ba60
  SHA256: 582eb4a591cf44f3725e37a184ef285ff85b5e476083a95cae491d6d52c43c29
  SHA512: b1b89a4f5453f50c0eab5d512f8ce8ad3ada6fa74d9101cce440c6e3673e3b98d21445cb323b0752fbc7057749cca0b75cda0295daedff545946ba0df984e2a9
  SSDEEP: 1536:EHNCKoT0tyc1mR/3xgZGWu6Sre2D/PlmXqFiluN/8T1iMzfHG:c8wcGm5BgZGWu6ie27P4Xcy6UkMzfm

Static task
  static1

Behavioral task
  behavioral1
  Sample: 263f85063badd5832d950a0893d7da5d_JaffaCakes118.exe
  Resource: win7-20231129-en

Behavioral task
  behavioral2
  Sample: 263f85063badd5832d950a0893d7da5d_JaffaCakes118.exe
  Resource: win10v2004-20240704-en

Malware Config
  Extracted (xtremerat): almm.no-ip.biz

Targets
  Target: 263f85063badd5832d950a0893d7da5d_JaffaCakes118
  Size: 248KB
  MD5: 263f85063badd5832d950a0893d7da5d
  SHA1: fcbee243461ab10ae1d8385612e2c914a216ba60
  SHA256: 582eb4a591cf44f3725e37a184ef285ff85b5e476083a95cae491d6d52c43c29
  SHA512: b1b89a4f5453f50c0eab5d512f8ce8ad3ada6fa74d9101cce440c6e3673e3b98d21445cb323b0752fbc7057749cca0b75cda0295daedff545946ba0df984e2a9
  SSDEEP: 1536:EHNCKoT0tyc1mR/3xgZGWu6Sre2D/PlmXqFiluN/8T1iMzfHG:c8wcGm5BgZGWu6ie27P4Xcy6UkMzfm
  Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT
  XtremeRAT, written in Delphi, was developed by xtremecoder and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext