General

Target: 2a1b197690954af6e421b92d29e74396_JaffaCakes118
Size: 84KB
Sample: 240707-2383vs1bpl
MD5: 2a1b197690954af6e421b92d29e74396
SHA1: 3244f321fb8cab8f3e4695a240c92f85e45acf7f
SHA256: 72b8181a2d08aa6ff948db88de8913fe8a2606346331b98bafc690df4aa66207
SHA512: 0be84d5f574e492ce12ffc0e1d061e2da5ff583b9afee018e6483379231f33bc8871b7d2e4390d2448d64b9eb47b5d703bd7fbfa8484df16ff1ca832da51eec7
SSDEEP: 1536:erhU7XNDz5Zwk4aGHuhbpJaOBRZsf4TFlW0MSWJpWZgI:ey7dX5ZwNjuvJa+RCwTFlML+
Static task: static1

Behavioral task: behavioral1
Sample: 2a1b197690954af6e421b92d29e74396_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 2a1b197690954af6e421b92d29e74396_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: xtremerat
mahdidi.zapto.org
Label123vivalgerie.no-ip.biz
Targets

Target: 2a1b197690954af6e421b92d29e74396_JaffaCakes118
Score: 10/10

- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine; the command stored in that component's StubPath value runs at logon for each user who has not yet had the component applied.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
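The two persistence indicators listed above (an Active Setup component with a StubPath and a Run key) can be hunted for on a suspect host. The PowerShell below is an added example, not part of the sandbox report and not the sample's own code. It assumes an elevated session, reads the standard Active Setup and Run/RunOnce locations, and flags any entry whose executable is missing from disk or carries no valid Authenticode signature. The "suspicious" rule, the function names and the output layout are this example's own choices; signature checking was chosen over a trusted-directory allow-list because the report also notes a file dropped into System32, which a directory-based rule would wave through.

```powershell
# Added example, not from the report: hunt for Active Setup StubPath and
# Run/RunOnce persistence on a live host. Registry roots are the standard
# Windows locations; the "suspicious" rule (missing image or invalid
# Authenticode signature) is this example's own choice. Run elevated.

$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
$runRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider adds to every Get-ItemProperty result.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-CommandImage {
    # Pull the executable out of an autostart command line: expand %VARS%,
    # honour a quoted first token, otherwise take the first whitespace token.
    # Bare names (rundll32.exe, regsvr32.exe) are resolved through PATH so
    # legitimate Active Setup entries are not flagged merely for being unrooted.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        $image = if ($end -gt 0) { $cmd.Substring(1, $end - 1) } else { $cmd }
    } else {
        $image = ($cmd -split '\s+')[0]
    }
    if (-not [System.IO.Path]::IsPathRooted($image)) {
        $app = @(Get-Command -Name $image -CommandType Application -ErrorAction SilentlyContinue)
        if ($app.Count -gt 0) { $image = $app[0].Path }
    }
    return $image
}

function Test-SuspiciousImage {
    # Flag an image that is absent (the key may be a leftover trace of an
    # infection) or that lacks a valid Authenticode signature. Checking the
    # signature rather than the directory matters here: this sample drops a
    # file into System32, so a "trusted folder" allow-list would miss it.
    param([string]$Image)
    if (-not (Test-Path -LiteralPath $Image -PathType Leaf)) { return $true }
    $sig = Get-AuthenticodeSignature -FilePath $Image
    return ($sig.Status -ne 'Valid')
}

function Get-AutostartFindings {
    $findings = @()

    # Active Setup: one subkey per component; the StubPath value is the command.
    foreach ($root in $activeSetupRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($comp in Get-ChildItem -Path $root) {
            $stub = (Get-ItemProperty -Path $comp.PSPath -ErrorAction SilentlyContinue).StubPath
            if ([string]::IsNullOrWhiteSpace($stub)) { continue }
            $image = Get-CommandImage -Command $stub
            if (Test-SuspiciousImage -Image $image) {
                $findings += [pscustomobject]@{
                    Source = 'ActiveSetup'; Key = $comp.PSChildName; Command = $stub; Image = $image
                }
            }
        }
    }

    # Run/RunOnce: every value under the key is a command line.
    foreach ($root in $runRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        $props = Get-ItemProperty -Path $root
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            $image = Get-CommandImage -Command ([string]$p.Value)
            if (Test-SuspiciousImage -Image $image) {
                $findings += [pscustomobject]@{
                    Source = $root; Key = $p.Name; Command = $p.Value; Image = $image
                }
            }
        }
    }
    return $findings
}

Get-AutostartFindings | Format-Table -AutoSize
```

Two limits to keep in mind when reading the output. HKCU covers only the profile running the script, so other users' Run keys need their hives loaded or queried through HKU. And the image test looks only at the program being launched: an entry that starts a signed system binary such as rundll32.exe with a dropped DLL as its argument passes the signature check, so the Command column of any entry you do not recognise deserves a look even when the Image is valid.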