General
-
Target
28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118
-
Size
292KB
-
Sample
240706-rywxma1clp
-
MD5
28823719bf29b3a2d43e579a3b7ae06c
-
SHA1
3e68dacaf925262ab7bed8edb5c85728c55a7352
-
SHA256
93b907c511254e4edd0a6242faf2e494ea14fb4a9bff6ab6eb7297b16bfb8d3b
-
SHA512
1c80aff88ca48ec8bd384207b3e4779030d7a2795fcdf7cfb724c8fd04d5b810fc62e08648bcb8780e70b24b38bf85fdb427e061d0389663d872387da4b971b5
-
SSDEEP
1536:2OwPGSmhCmW7yCHyJgHH/oJjgCBcw91qFhuN:OGSk7CyZJMm1qSN
Static task
static1
Behavioral task
behavioral1
Sample
28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118
-
Size
292KB
-
MD5
28823719bf29b3a2d43e579a3b7ae06c
-
SHA1
3e68dacaf925262ab7bed8edb5c85728c55a7352
-
SHA256
93b907c511254e4edd0a6242faf2e494ea14fb4a9bff6ab6eb7297b16bfb8d3b
-
SHA512
1c80aff88ca48ec8bd384207b3e4779030d7a2795fcdf7cfb724c8fd04d5b810fc62e08648bcb8780e70b24b38bf85fdb427e061d0389663d872387da4b971b5
-
SSDEEP
1536:2OwPGSmhCmW7yCHyJgHH/oJjgCBcw91qFhuN:OGSk7CyZJMm1qSN
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-