General
Target: 2a5d1b4da7de5b8157e41ffd53c585f4_JaffaCakes118
Size: 3.4MB
Sample: 240708-axyw6awejf
MD5: 2a5d1b4da7de5b8157e41ffd53c585f4
SHA1: 7f7a1b1d01ce096109aafbb936f2604b2894d031
SHA256: c634146cab69b72a71fa13a9ab8d3fd46b57e26cd40351b1bb5f0f17851685fe
SHA512: bd9a8c5b317398aa6a842f3803b035f80208a586c9176912b4acbedabca943860d683dcb911aa29b169074ca801334ba849a8caf970aa6f933180cbc827b95c8
SSDEEP: 49152:BuOtOM28qS/JbVPS2PPJGAm+KhWbyZVtgk1KDmcv+ZZ9Waa0l/TbQVKaOto22K:lOMZZHP3PPahyy1yA9Waaw/KOm22K
Static task: static1
Behavioral task: behavioral1
Sample: 2a5d1b4da7de5b8157e41ffd53c585f4_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2a5d1b4da7de5b8157e41ffd53c585f4_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted
xtremerat
mmsalt.no-ip.org
Targets
Target: 2a5d1b4da7de5b8157e41ffd53c585f4_JaffaCakes118
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext