General
-
Target
276d2d239c079e035dcf1e1c1bcaec21_JaffaCakes118
-
Size
307KB
-
Sample
240706-gcrexaxblr
-
MD5
276d2d239c079e035dcf1e1c1bcaec21
-
SHA1
ebc8f4ada10f115341431d7d413cb2fb2357ce8f
-
SHA256
94585f118a0f1c8a77f8d3c0d3ca16197126a53a9a7d1f16be9f5efc7695ad42
-
SHA512
82f10e9462fe23b5d7178fa458db72f6a38fa88f5da998ef65a1956f8a15bf1fa63e6e174f204ec7076f71d2e652265679a1f891b13c578cb8c9903038375539
-
SSDEEP
6144:GUCyqRJvHe/7M6gsKyk0edlX7SxnVW5GJZ2tNYLj8Mfsr4239:GULqRJvF5ldB8VzYKj86s3N
Static task
static1
Behavioral task
behavioral1
Sample
276d2d239c079e035dcf1e1c1bcaec21_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
276d2d239c079e035dcf1e1c1bcaec21_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
xtremerat
nour1973.zapto.org
Targets
-
-
Target
276d2d239c079e035dcf1e1c1bcaec21_JaffaCakes118
-
Size
307KB
-
MD5
276d2d239c079e035dcf1e1c1bcaec21
-
SHA1
ebc8f4ada10f115341431d7d413cb2fb2357ce8f
-
SHA256
94585f118a0f1c8a77f8d3c0d3ca16197126a53a9a7d1f16be9f5efc7695ad42
-
SHA512
82f10e9462fe23b5d7178fa458db72f6a38fa88f5da998ef65a1956f8a15bf1fa63e6e174f204ec7076f71d2e652265679a1f891b13c578cb8c9903038375539
-
SSDEEP
6144:GUCyqRJvHe/7M6gsKyk0edlX7SxnVW5GJZ2tNYLj8Mfsr4239:GULqRJvF5ldB8VzYKj86s3N
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-