General
-
Target
2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118
-
Size
63KB
-
Sample
240707-26nlbs1cnm
-
MD5
2a1e6d3c166092b771a71d51fbae5e66
-
SHA1
8f62cbb7ae199ff3cb96e8c062709802f2451503
-
SHA256
cff488bb00e4776b0f8501834fc44ad2df23d66f9dfc70c575ff0355b218234d
-
SHA512
08cdac0d92f96f0e6211fcf732d261717b2b7455aa41e0ccfc6860092051dd9e88ec18d750791e8776d1791e28a09f4c9532a47164a19d7d5671ad16feae884b
-
SSDEEP
1536:7EycZiA+/WEoHEP515yVq0cVT83lnLR4RVveOMkSGrkh+oDg31J2wYwP:7mZihjokx15ar5VmvWkSGrK+oDUYC
Static task
static1
Behavioral task
behavioral1
Sample
2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
Target
2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Suspicious use of SetThreadContext
-