General
-
Target
29b681d68c7224e9abc90da004e64f98_JaffaCakes118
-
Size
26KB
-
Sample
240707-eerscashrm
-
MD5
29b681d68c7224e9abc90da004e64f98
-
SHA1
8339c27a2d08e13d5c069d62050dd7f85880823f
-
SHA256
46b3782ab0b39b405487d552320717210cc2f80727fc4cdf0043a8c3881fe8b6
-
SHA512
a8720ddcafa96ac2ba5a4286c353938fb5960bb1b5ba81cea96382dc283c54c7ac30cc7c10a5adbbc15b9f63066e00e1d3582097690758a8e99c6ffdc27b479f
-
SSDEEP
384:Wpj7eNmfp+UrM8j3Mk8mw2Qwz9cEVWNuOuuOYPq8P9iYwbzuHOCpwMXwRVqr3Q:TmfpbM8j8wQwz9caAuxYyuFOkwMXc3
Behavioral task
behavioral1
Sample
29b681d68c7224e9abc90da004e64f98_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
29b681d68c7224e9abc90da004e64f98_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
xtremerat
wiisgv.no-ip.org
Targets
-
-
Target
29b681d68c7224e9abc90da004e64f98_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-