xtremerat

General

Target

e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
Size

54KB
Sample

221004-bhsx2afaf5
MD5

04c4553c0a90ce1678e23e9caeb1e638
SHA1

f5e8af3974ecff65dbd7438c492c26073dbdc33f
SHA256

e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
SHA512

d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02
SSDEEP

768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

撰hack4ps.no-ip.info

6JhgEskcretMKY0gNfPERSISTxkiller.no-ip.info

Targets

- Target
  
  e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
- Size
  
  54KB
- MD5
  
  04c4553c0a90ce1678e23e9caeb1e638
- SHA1
  
  f5e8af3974ecff65dbd7438c492c26073dbdc33f
- SHA256
  
  e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
- SHA512
  
  d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02
- SSDEEP
  
  768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Modifies Installed Components in the registry

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2