General
Target: 26f22c271092c92be366a8b47bc3a97b_JaffaCakes118
Size: 164KB
Sample: 240705-qv7paayhlq
MD5: 26f22c271092c92be366a8b47bc3a97b
SHA1: eabd601cdc6f9c8fa5115c5d73bd0ca1b059cd1d
SHA256: f23b8e5ef80bad9f0c094f0aff7c9ab873846ee61c83045ab5d7b66523b8ce8f
SHA512: b60da3376ad1462b5507895720629ce855b0bfc2d582ee1e6a02975d3180d152a17e51d1308d4bec8144f15614fbd76207af98637b1fa080e5358706960d8276
SSDEEP: 3072:gaMUY+pd0jsNR+0n7a3+k9IEgfzX4hk+XwW/jLPtBEx3VStGnCK:t8ANb7a3+kS7UzdnPtBeUInCK
Static task: static1
Behavioral task behavioral1: Sample 26f22c271092c92be366a8b47bc3a97b_JaffaCakes118.exe, Resource win7-20240704-en
Behavioral task behavioral2: Sample 26f22c271092c92be366a8b47bc3a97b_JaffaCakes118.exe, Resource win10v2004-20240704-en
Malware Config
Extracted family: xtremerat
C2 host: dannymatrix.no-ip.org
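The file hashes and the extracted C2 hostname are the actionable indicators in this report. What follows is an added example, not part of the sandbox report: a small Python IOC matcher that hashes a file against the listed MD5/SHA1/SHA256 values and scans DNS-style log lines for the C2 hostname. Since no-ip.org is a dynamic DNS service the resolved address will change over time, so the matcher keys on the hostname (and its subdomains) rather than on an IP, and it deliberately rejects look-alikes such as notdannymatrix.no-ip.org. SSDEEP is left out because it needs a third-party library. The log line layout, the host names other than the C2, and the sample lines are constructed for this example.

```python
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "26f22c271092c92be366a8b47bc3a97b",
    "sha1": "eabd601cdc6f9c8fa5115c5d73bd0ca1b059cd1d",
    "sha256": "f23b8e5ef80bad9f0c094f0aff7c9ab873846ee61c83045ab5d7b66523b8ce8f",
}
C2_HOSTS = {"dannymatrix.no-ip.org"}


def digest_chunks(chunks):
    """Hash a stream of byte chunks once, producing every digest we hold an IOC for."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_hashes(digests):
    """Names of the digests equal to the report's values (hex compared case-insensitively)."""
    return [name for name, value in digests.items()
            if IOC_HASHES.get(name) == value.lower()]


def hostname_matches(host, c2_hosts=C2_HOSTS):
    """True for the C2 name or a subdomain of it; 'notdannymatrix.no-ip.org' does not match."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in c2_hosts)


# Crude hostname extractor for free-form log lines (assumption: dot-separated labels).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def scan_log(lines, c2_hosts=C2_HOSTS):
    """Return (line_number, hostname) for every line that names a C2 host."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for host in HOST_RE.findall(line):
            if hostname_matches(host, c2_hosts):
                hits.append((lineno, host))
                break
    return hits


# Constructed DNS-query log lines (not real telemetry) to exercise the matcher.
SAMPLE_DNS_LOG = [
    "2024-07-05T10:02:11Z WS7 dns query=update.microsoft.com type=A image=C:\\Windows\\System32\\svchost.exe",
    "2024-07-05T10:02:14Z WS7 dns query=DannyMatrix.No-IP.org type=A image=C:\\Users\\bob\\Downloads\\invoice.exe",
    "2024-07-05T10:02:15Z WS7 dns query=notdannymatrix.no-ip.org type=A image=C:\\Windows\\explorer.exe",
    "2024-07-05T10:02:20Z WS7 dns query=sub.dannymatrix.no-ip.org. type=A image=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    import sys
    # Usage: python ioc_check.py <file> [<file> ...]  (paths are whatever you want hashed)
    for path in sys.argv[1:]:
        hit = match_hashes(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(hit) if hit else 'no hash match'}")
    for lineno, host in scan_log(SAMPLE_DNS_LOG):
        print(f"sample line {lineno}: C2 lookup for {host}")
```

Run against the sample lines, only line 2 (the C2 itself, in mixed case) and line 4 (a subdomain with a trailing dot) are reported; the look-alike on line 3 is not. Hash matching on the exact values is only useful for this one build; a repacked XtremeRAT sample will have different hashes but may still reach the same dynamic DNS name, which is why the hostname check is the more durable of the two.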
Targets
Target: 26f22c271092c92be366a8b47bc3a97b_JaffaCakes118 (164KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed in the General section above)
Score: 10/10
Signatures:
- Detect XtremeRAT payload
- XtremeRAT: developed by xtremecoder, available since at least 2010, and written in Delphi.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-context hijacking)