xtremerat | 69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f | Triage

Submit
Reports

Overview

overview

Static

static

69e99e879c...0f.exe

windows7-x64

69e99e879c...0f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f
Size

81KB
Sample

221002-qje5wsgdd8
MD5

5d5478858f3f577c7628a0eda9c9cdc7
SHA1

afff05b8f81457211f5ebf5d4b70aef4b7dd2bb0
SHA256

69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f
SHA512

6c17fe8a8f03dbfa17aed973700ec5a42dac237fc62ba740b0e9f28b708e6ab9d4da7482eca44b68504205c3cc02647e04f1397cc4ee43e7ba64ec06573759a1
SSDEEP

1536:KGid3wJr+40YeQY3Z05lfrHJuLxwq1Uaz1ognWGlZre9:KR3wJr+4ZezyvjHE1n1UazRnfk

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f.exe

Resource

win7-20220901-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f.exe

Resource

win10v2004-20220812-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

qp.no-ip.org

Targets

- Target
  
  69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f
- Size
  
  81KB
- MD5
  
  5d5478858f3f577c7628a0eda9c9cdc7
- SHA1
  
  afff05b8f81457211f5ebf5d4b70aef4b7dd2bb0
- SHA256
  
  69e99e879cc0f5f739c1a6750c5c279dfdadeda838da65bd17b2343328e22a0f
- SHA512
  
  6c17fe8a8f03dbfa17aed973700ec5a42dac237fc62ba740b0e9f28b708e6ab9d4da7482eca44b68504205c3cc02647e04f1397cc4ee43e7ba64ec06573759a1
- SSDEEP
  
  1536:KGid3wJr+40YeQY3Z05lfrHJuLxwq1Uaz1ognWGlZre9:KR3wJr+4ZezyvjHE1n1UazRnfk
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy