General

Target: 28826c6108cf11ed6788c7da2c1b45c8_JaffaCakes118
Size: 241KB
Sample: 240706-ry6f3atcqd
MD5: 28826c6108cf11ed6788c7da2c1b45c8
SHA1: deafc8e402fd077d2eccb3227d047ce963bf9fc6
SHA256: 38612efa4e3b5ebc8f4f27addf29a09f22e396b5740d13756ade669d270566a7
SHA512: 852bfb3acf9df99281ee382942c6efa9a6683dfc856ef724d7add93d31451c3da1f71ef983037d9cc061b50ae6ecb517b75b03a14e90e2ea943ebb0962ef897d
SSDEEP: 6144:0wD02+t2pubXVI6x6DiAdraBCDoAc769/c:0y0r6KXVI64HraByc769k
Static task: static1

Behavioral task: behavioral1
  Sample: 28826c6108cf11ed6788c7da2c1b45c8_JaffaCakes118.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: 28826c6108cf11ed6788c7da2c1b45c8_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config

Extracted family: xtremerat
C2 host: eoeox.no-ip.biz
Targets

Target: 28826c6108cf11ed6788c7da2c1b45c8_JaffaCakes118 (241KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Drops autorun.inf file: malware can abuse Windows AutoRun to spread further via attached volumes, by planting an autorun.inf on the volume that points at a copy of the payload stored there.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used to redirect execution inside an injected or hollowed process)
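The "Drops autorun.inf file" signature above is about propagation through removable media. As an added example (not code from the sandbox report or from XtremeRAT itself), the following Python script parses an autorun.inf the way an analyst would when triaging a volume taken from an infected host: it tolerates the junk padding and mixed case that worm-style autorun.inf files use to defeat naive INI parsers, and it flags every key that can cause a program to run. Both autorun.inf texts in the block are constructed samples, and the path RECYCLER\winupd.exe in them is a placeholder, not a file name taken from this report.

```python
"""Added example (not part of the original sandbox report): a tolerant
autorun.inf parser that flags entries able to launch a program via
Windows AutoRun. The sample inputs below are constructed."""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Extensions that the shell will execute when named by an AutoRun entry.
EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                   ".vbs", ".js", ".wsf", ".lnk")

# Keys under [autorun] that launch something directly ...
LAUNCH_KEYS = ("open", "shellexecute")
# ... or attach a command to a context-menu verb (shell\<verb>\command).
COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


@dataclass
class AutorunReport:
    launchers: List[Tuple[str, str]] = field(default_factory=list)  # keys that run something
    decoys: List[Tuple[str, str]] = field(default_factory=list)     # action/label/icon cosmetics
    junk_lines: int = 0  # unparsable lines inside [autorun]; typical of obfuscated files

    @property
    def suspicious(self) -> bool:
        return bool(self.launchers)


def parse_autorun(text: str) -> AutorunReport:
    """Walk the file line by line instead of using configparser, because
    malicious autorun.inf files pad the [autorun] section with garbage
    lines and mix case in section and key names."""
    report = AutorunReport()
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # drop a leading BOM if present
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun:
            continue
        if "=" not in line:
            report.junk_lines += 1
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in LAUNCH_KEYS or COMMAND_RE.match(key):
            report.launchers.append((key, value))
        elif key in ("action", "label", "icon"):
            report.decoys.append((key, value))
    return report


def launched_executables(report: AutorunReport) -> List[str]:
    """Distinct executable file references found in launcher values
    (quoted or bare paths, with or without trailing arguments)."""
    found: List[str] = []
    for _key, value in report.launchers:
        for token in re.findall(r'"[^"]+"|\S+', value):
            token = token.strip('"')
            if token.lower().endswith(EXEC_EXTENSIONS) and token not in found:
                found.append(token)
    return found


def scan_volume_root(root: str) -> Optional[AutorunReport]:
    """Parse <root>\\autorun.inf if the mounted volume has one (e.g. root='E:\\\\')."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return parse_autorun(fh.read())


# Constructed sample: a benign autorun.inf that only sets an icon and a label.
BENIGN_AUTORUN = """[autorun]
icon=setup.ico
label=Vendor Driver Disc
"""

# Constructed sample modelled on worm-style autorun.inf: BOM, mixed case,
# a junk line, a decoy "Open folder" action, and four launch keys that all
# point at a copy of the payload hidden in a RECYCLER folder (placeholder name).
WORM_AUTORUN = """\ufeff[AuToRuN]
;junk padding to confuse INI parsers
dAyjkfG2
OPEN=RECYCLER\\winupd.exe
Shellexecute=RECYCLER\\winupd.exe
shell\\open\\command=RECYCLER\\winupd.exe
shell\\explore\\Command="RECYCLER\\winupd.exe" -e
action=Open folder to view files
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_AUTORUN), ("worm", WORM_AUTORUN)):
        rep = parse_autorun(sample)
        print(name, "suspicious:", rep.suspicious,
              "launches:", launched_executables(rep),
              "junk lines:", rep.junk_lines)
```

On a patched Windows 7 or on Windows 10 the shell no longer executes autorun.inf from USB volumes automatically, so the file is mainly a propagation attempt and a forensic artifact rather than a guaranteed infection vector; it still matters on optical media and on older hosts, and the decoy action/icon entries are what trick a user into double-clicking the volume.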