xtremerat | a0932ed1c3b0ec9d46807aab8add548f4fae9bb7d66db68e101497d276d54f13 | Triage

Submit
Reports

Overview

overview

Static

static

8

CF AL CHEA...ap.dll

windows7_x64

1

CF AL CHEA...ap.dll

windows10-2004_x64

1

CF AL CHEA...TS.exe

windows7_x64

CF AL CHEA...TS.exe

windows10-2004_x64

Sharing

General

Target

a0932ed1c3b0ec9d46807aab8add548f4fae9bb7d66db68e101497d276d54f13
Size

160KB
Sample

220705-ems1dafga5
MD5

bee9a31f90e0f4ed63360953f32c0046
SHA1

de809aefae68d708a2d331ddc1e7b5e2c6e0d2d5
SHA256

a0932ed1c3b0ec9d46807aab8add548f4fae9bb7d66db68e101497d276d54f13
SHA512

66e5d6b3f0b9cd8d56a01762b90a5379c608e62e067ac1c705bf32819bb1570b9c89472301dfb57ae94a133fe5d97654a24ca0188938c19ecfd430f90d4ccae6

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

CF AL CHEATS 2K18/BugTrap.dll

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CF AL CHEATS 2K18/BugTrap.dll

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

CF AL CHEATS 2K18/CF AL CHEATS.exe

Resource

win7-20220414-en

xtremerat persistence rat spyware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

CF AL CHEATS 2K18/CF AL CHEATS.exe

Resource

win10v2004-20220414-en

xtremerat persistence rat spyware upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  CF AL CHEATS 2K18/BugTrap.dll
- Size
  
  247KB
- MD5
  
  b2c2fbcfa93775fc1dfcd7edc8725263
- SHA1
  
  2b351f25aed5498e1a176cf1078c001950e6eed6
- SHA256
  
  b0f5173f6e30ba6463111d8c372b9fdc51e46a8f017165b68499931d1e889ff7
- SHA512
  
  7ecf32c18f2ea8fd01e040c20fbf561e78e2fba1bcb34b26377a85ddf32fb30d73f71e1d0f58146918bdd1fd9bf1b59b7e75582c392930c51660a4bc2c0a99cf
Score

1^/10
behavioral1 behavioral2
- Target
  
  CF AL CHEATS 2K18/CF AL CHEATS.exe
- Size
  
  33KB
- MD5
  
  ff926ad152e49b12044bcf258012a95d
- SHA1
  
  d7dc9a9f0ce32763dc654b1a8554246e0972c2cf
- SHA256
  
  3a4707df311d1b499a8c78e7e1c33b4f235de01c55b631e7147a32bf4b3e3830
- SHA512
  
  54980080ad22afd3a98d0f60d36314a9f65cc28b944d577cc3762437632c3c391762c2dad826a94a5e45bba11d608dca8529e2b12bba5575cd01ddc4f33d02d8
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT Payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

xtremeratpersistenceratspywareupx

behavioral4

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy