xtremerat | be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e | Triage

Submit
Reports

Overview

overview

Static

static

be6d24011b...1e.exe

windows7-x64

be6d24011b...1e.exe

windows10-2004-x64

Sharing

General

Target

be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e
Size

34KB
Sample

221020-ltxepsgbfq
MD5

416cf3f11aac89b4b3df4adf7d487799
SHA1

26022f7ee09babc13ca95a1598e7382b5f87aa4d
SHA256

be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e
SHA512

80d22d4ec9fe46da29d3ac89616bf790df8293aa8539a45d324b235e729773ffc858d56e5f9a142bfd1c795916f41c68d4c172c8b04957d10513a6fab7a3c5e1
SSDEEP

768:MZfuHUvwDKP6kMptT31tkjM7+Gso+l9/92pvn:MBzvwXN3P7+to+l192pv

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e.exe

Resource

win10v2004-20220812-en

xtremerat persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e
- Size
  
  34KB
- MD5
  
  416cf3f11aac89b4b3df4adf7d487799
- SHA1
  
  26022f7ee09babc13ca95a1598e7382b5f87aa4d
- SHA256
  
  be6d24011b283bcbe229816cd904df28ed76a6df4a94c14e1d3eff72e9c2521e
- SHA512
  
  80d22d4ec9fe46da29d3ac89616bf790df8293aa8539a45d324b235e729773ffc858d56e5f9a142bfd1c795916f41c68d4c172c8b04957d10513a6fab7a3c5e1
- SSDEEP
  
  768:MZfuHUvwDKP6kMptT31tkjM7+Gso+l9/92pvn:MBzvwXN3P7+to+l192pv
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy