General
-
Target
28089893c1d9e756f0ae4af23123ec53_JaffaCakes118
-
Size
356KB
-
Sample
240706-lbkceswerg
-
MD5
28089893c1d9e756f0ae4af23123ec53
-
SHA1
a71764ef8171820e147da35dd1dd2c239d1feb02
-
SHA256
9084d64fbcd5e6562eb4f80af38be53cd0a13570c5c99609825922556139f290
-
SHA512
f1b08bf20a6fac2c6db68d7ffb9fc71875c26d95032715f28521c7996abc12b6a334aa16bff3174f630db297ab1d1ddf65752f4e23a4817231877c40f9ed4fd2
-
SSDEEP
6144:Kxev4M2Jg+EYZr8iyD2/VfZfNL4WGnpgRRk+aAj89KPbOHNbWe:Wev4M2JsYZpq2/VfZfNL45npAHjSD
Static task
static1
Behavioral task
behavioral1
Sample
28089893c1d9e756f0ae4af23123ec53_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
28089893c1d9e756f0ae4af23123ec53_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
xtremerat
theking200817.no-ip.biz
Targets
-
-
Target
28089893c1d9e756f0ae4af23123ec53_JaffaCakes118
-
Size
356KB
-
MD5
28089893c1d9e756f0ae4af23123ec53
-
SHA1
a71764ef8171820e147da35dd1dd2c239d1feb02
-
SHA256
9084d64fbcd5e6562eb4f80af38be53cd0a13570c5c99609825922556139f290
-
SHA512
f1b08bf20a6fac2c6db68d7ffb9fc71875c26d95032715f28521c7996abc12b6a334aa16bff3174f630db297ab1d1ddf65752f4e23a4817231877c40f9ed4fd2
-
SSDEEP
6144:Kxev4M2Jg+EYZr8iyD2/VfZfNL4WGnpgRRk+aAj89KPbOHNbWe:Wev4M2JsYZpq2/VfZfNL45npAHjSD
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext
-