xtremerat | 524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71 | Triage

Submit
Reports

Overview

overview

Static

static

524d9fac75...71.exe

windows7-x64

524d9fac75...71.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71
Size

230KB
Sample

221107-yj7txaehf2
MD5

03a5f9e980a227a93d29fe173452bb43
SHA1

414a6f17afd586315d8348c1eb134d9521d38e9a
SHA256

524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71
SHA512

f2c482a06fbea64b7367e616b414102c6fff0ff1c5bd6208b0be269827804c7160accf680b8da73379a673b8f759f4264997e7193228cdc93fa6c8f837b14608
SSDEEP

6144:y4NPlddSypprK1zekj/LwxX+drK1zekj/LwxX9:y4N9ddSypp+13/LwK+13/Lw9

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71.exe

Resource

win10v2004-20220812-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

obscurpuissance.myftp.org

Targets

- Target
  
  524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71
- Size
  
  230KB
- MD5
  
  03a5f9e980a227a93d29fe173452bb43
- SHA1
  
  414a6f17afd586315d8348c1eb134d9521d38e9a
- SHA256
  
  524d9fac753e37549b1a5c26fd8d3bcf50e8dfc5052eecc7e4c93fc0882ecd71
- SHA512
  
  f2c482a06fbea64b7367e616b414102c6fff0ff1c5bd6208b0be269827804c7160accf680b8da73379a673b8f759f4264997e7193228cdc93fa6c8f837b14608
- SSDEEP
  
  6144:y4NPlddSypprK1zekj/LwxX+drK1zekj/LwxX9:y4N9ddSypp+13/LwK+13/Lw9
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy