xtremerat | 4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

4c0c9f8c77...5d.exe

windows7-x64

4c0c9f8c77...5d.exe

windows10-2004-x64

Sharing

General

Target

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
Size

585KB
Sample

221003-s886dadec7
MD5

55c0e0fb391a3ce4caaac1c49ed1ac00
SHA1

868da3a8c72eff600d54be3babe3721489a85500
SHA256

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
SHA512

60a5a4f182a5e0dab19709276746465ae277822b990e95121cbb170d2c4e29a6d71457a4817f88d7f10aa464d2974cbdb4b7eeffe60b9e44d02bf0b30f608df1
SSDEEP

12288:Za7XtTWupXNT35AcFqTCC5ktTWupXNT35AcFqTCC5I:ZEhZpXJ3SGqTCCuhZpXJ3SGqTCCm

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d.exe

Resource

win10v2004-20220901-en

xtremerat persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mrdead.no-ip.org

Targets

- Target
  
  4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
- Size
  
  585KB
- MD5
  
  55c0e0fb391a3ce4caaac1c49ed1ac00
- SHA1
  
  868da3a8c72eff600d54be3babe3721489a85500
- SHA256
  
  4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
- SHA512
  
  60a5a4f182a5e0dab19709276746465ae277822b990e95121cbb170d2c4e29a6d71457a4817f88d7f10aa464d2974cbdb4b7eeffe60b9e44d02bf0b30f608df1
- SSDEEP
  
  12288:Za7XtTWupXNT35AcFqTCC5ktTWupXNT35AcFqTCC5I:ZEhZpXJ3SGqTCCuhZpXJ3SGqTCCm
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy