xtremerat | 4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2 | Triage

Submit
Reports

Overview

overview

Static

static

4adbe2d653...d2.exe

windows7-x64

4adbe2d653...d2.exe

windows10-2004-x64

Resubmissions

11-08-2022 15:42

220811-s5lkxabda5 10

12-07-2022 11:51

220712-n1lynaghdr 10

Sharing

General

Target

4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2
Size

886KB
Sample

220811-s5lkxabda5
MD5

40eaca541433514a31508b7a328db6ef
SHA1

bca267e3a5007147c9c0cb44612bf6027b47ba76
SHA256

4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2
SHA512

3fa774f21f13b349e3474ba6da9d0835151d31847f2051f731d24a71e8e6b66be0d35d495b4db9bed7f1697c55533c141b2b70f8d94d53d3e7b50e6cc9ffbf24

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2.exe

Resource

win7-20220718-en

xtremerat persistence rat spyware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2.exe

Resource

win10v2004-20220721-en

xtremerat persistence rat spyware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

feelmepkudie.no-ip.org

Targets

- Target
  
  4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2
- Size
  
  886KB
- MD5
  
  40eaca541433514a31508b7a328db6ef
- SHA1
  
  bca267e3a5007147c9c0cb44612bf6027b47ba76
- SHA256
  
  4adbe2d65372183b94331aa85fbc68fd11c1031a36f316c8fe07e226f04651d2
- SHA512
  
  3fa774f21f13b349e3474ba6da9d0835151d31847f2051f731d24a71e8e6b66be0d35d495b4db9bed7f1697c55533c141b2b70f8d94d53d3e7b50e6cc9ffbf24
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy