General
Target: 27349ec56dfdeb0da9b7ef100311ae17_JaffaCakes118
Size: 253KB
Sample: 240705-3j8tes1gkf
MD5: 27349ec56dfdeb0da9b7ef100311ae17
SHA1: 362c24cadab0a21cfe81329e37318e08dd3f1703
SHA256: 4fc78706e08717c9d4d62d35f46af3efc6c72b6b363bd31f49aa8f51db0d2a60
SHA512: 621cf02469db0cd7fb5acb5ed0a0b586d0707ee14b84623feb58d4cffdeb0f31c1d8d8efa3560870ce4256762165bbe3dd592802ed830e209d65bcb31a196d53
SSDEEP: 6144:hZ4B+t9IZzf4U0X6YpA5sEOnGa2qnHWWjR:hSB+t2x4U0X6eZEYfHWWF
Static task: static1
Behavioral task: behavioral1
Sample: 27349ec56dfdeb0da9b7ef100311ae17_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 27349ec56dfdeb0da9b7ef100311ae17_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted
Family: xtremerat
C2: yah0o.sytes.net
sytes.net is a No-IP dynamic DNS domain, so the address this hostname resolves to can change at any time; hunt and block on the hostname itself rather than on a single resolved IP.
Targets
Target: 27349ec56dfdeb0da9b7ef100311ae17_JaffaCakes118
Size: 253KB
MD5: 27349ec56dfdeb0da9b7ef100311ae17
SHA1: 362c24cadab0a21cfe81329e37318e08dd3f1703
SHA256: 4fc78706e08717c9d4d62d35f46af3efc6c72b6b363bd31f49aa8f51db0d2a60
SHA512: 621cf02469db0cd7fb5acb5ed0a0b586d0707ee14b84623feb58d4cffdeb0f31c1d8d8efa3560870ce4256762165bbe3dd592802ed830e209d65bcb31a196d53
SSDEEP: 6144:hZ4B+t9IZzf4U0X6YpA5sEOnGa2qnHWWjR:hSB+t2x4U0X6eZEYfHWWF
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components). Windows runs the StubPath command of each component once per user at logon, so an unfamiliar component, or one whose StubPath points into a user-writable directory, should be compared against the component list of a clean build of the same Windows version.
Adds Run key to start application
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is typically how a dropper redirects a suspended child to injected code (process hollowing); the process that receives the call, not only the sample itself, should be examined for the unpacked payload.
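For the two persistence signatures above, the check a responder wants is a quick triage of an exported registry hive: which Active Setup components and Run-key values launch something from a location a normal user can write to. The script below is an added example, not part of the sandbox report or of any Triage tooling; it parses text in the .reg format written by `reg export`, and the sample export it carries is constructed for the example (its GUIDs, value names and paths are illustrative, not artefacts observed from this sample).

```python
"""Triage helper: flag Active Setup StubPath and Run-key entries that launch
from user-writable locations.

Added example; not part of the sandbox report. Input is text in the .reg
format written by `reg export`. SAMPLE_REG is constructed: its GUIDs,
paths and value names are illustrative, not taken from this sample.
"""
import re

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
# "name"="value" lines; .reg escapes backslash and quote inside values as \\ and \"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

ACTIVE_SETUP = "\\active setup\\installed components\\"
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

# Locations a non-admin user cannot normally write to; anything else is worth a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
ENV_MAP = {"%systemroot%": "c:\\windows", "%windir%": "c:\\windows",
           "%programfiles%": "c:\\program files"}

# Constructed sample export (not from the report).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"StubPath"="%SystemRoot%\\System32\\ie4uinit.exe -UserConfig"
"Version"="11,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}]
"StubPath"="C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"HKCU"="C:\\Users\\victim\\AppData\\Roaming\\InstallDir\\Server.exe"
'''


def _unescape(s):
    # .reg escaping is a single backslash before the escaped character
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, value_name, string_value) for every REG_SZ line in a .reg export."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


def executable_of(command):
    """Return the program path from a command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_trusted_path(exe):
    """True if the program lives under a prefix only administrators can write to."""
    low = exe.lower()
    for var, real in ENV_MAP.items():
        low = low.replace(var, real)
    return low.startswith(TRUSTED_PREFIXES)


def find_persistence(text):
    """List every Active Setup StubPath and Run/RunOnce value with a trust verdict."""
    found = []
    for key, name, value in parse_reg(text):
        k = key.lower()
        if ACTIVE_SETUP in k and name.lower() == "stubpath":
            kind = "active_setup"
        elif k.endswith(RUN_KEYS):
            kind = "run"
        else:
            continue  # other Active Setup values (Version, IsInstalled) do not execute
        exe = executable_of(value)
        found.append({"kind": kind, "key": key, "name": name,
                      "exe": exe, "trusted": is_trusted_path(exe)})
    return found


def suspicious_entries(text):
    return [e for e in find_persistence(text) if not e["trusted"]]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_REG):
        print(f"[{e['kind']}] {e['key']} :: {e['name']} -> {e['exe']}")
```

On a live host, export the relevant keys with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" as.reg` and the Run keys likewise, then feed the files to `find_persistence`. The trusted-prefix list is deliberately narrow: a Run value pointing at a signed binary in Program Files still deserves a glance, but entries under AppData, Public or Temp, like the two the constructed sample flags, are the ones a RAT installer almost always produces.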