General
Target: 29fae009dd24ac5180e1d5e35b1c4842_JaffaCakes118
Size: 67KB
Sample: 240707-ps1bravcpe
MD5: 29fae009dd24ac5180e1d5e35b1c4842
SHA1: 4b6e406f576524296ce1732f62820f9e7aed44f8
SHA256: 4d3ca976656016a74bfdd9448efdbcb9b64c63b1f0907d08794ef6eb98cf524f
SHA512: 9f2419bcdc1af1c5efe5b6622f6000e53aff222b70bdf50b3ce801175e6ee12857dd9671c5843b7fe6780dc323f0c36728d8337294f6b2f921159f6d1654613a
SSDEEP: 1536:Gthmxm0wZy9s0BdutSm1BXCc3ytIwj3wNs+5ubqTQ9TvT:GuxxLBgtJZCc3yx48T7

Static task: static1

Behavioral task: behavioral1
Sample: 29fae009dd24ac5180e1d5e35b1c4842_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 29fae009dd24ac5180e1d5e35b1c4842_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted: xtremerat
conhecidos.dyndns.org
Targets
Target: 29fae009dd24ac5180e1d5e35b1c4842_JaffaCakes118
Size: 67KB
MD5: 29fae009dd24ac5180e1d5e35b1c4842
SHA1: 4b6e406f576524296ce1732f62820f9e7aed44f8
SHA256: 4d3ca976656016a74bfdd9448efdbcb9b64c63b1f0907d08794ef6eb98cf524f
SHA512: 9f2419bcdc1af1c5efe5b6622f6000e53aff222b70bdf50b3ce801175e6ee12857dd9671c5843b7fe6780dc323f0c36728d8337294f6b2f921159f6d1654613a
SSDEEP: 1536:Gthmxm0wZy9s0BdutSm1BXCc3ytIwj3wNs+5ubqTQ9TvT:GuxxLBgtJZCc3yx48T7
Score: 10/10

Detect XtremeRAT payload

XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

Suspicious use of SetThreadContext