xtremerat | 865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816 | Triage

Submit
Reports

Overview

overview

Static

static

865ee3d67a...16.exe

windows7-x64

865ee3d67a...16.exe

windows10-2004-x64

Sharing

General

Target

865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816
Size

118KB
Sample

221123-2cdh9she49
MD5

5177f64dcb7ee531eb5a96039656feda
SHA1

8affb58b0b0a489839c253b50c8bf0b371de971d
SHA256

865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816
SHA512

52b06d5df1655f179c96f2f9bf8be71e941bd811dd89ad54ec2b780b9b6fc5bd5c768de4961e3904fd62bce0c576c136eb5b294575c350f15b10f26a996022ca
SSDEEP

3072:YkYprM/xfKhNDbqWfHjghSWAif82nLW6jN:0YKhNDbTghSWAifHd

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816.exe

Resource

win7-20220901-en

xtremerat persistence rat spyware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816.exe

Resource

win10v2004-20221111-en

xtremerat persistence rat spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

torrentt.no-ip.info

Targets

- Target
  
  865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816
- Size
  
  118KB
- MD5
  
  5177f64dcb7ee531eb5a96039656feda
- SHA1
  
  8affb58b0b0a489839c253b50c8bf0b371de971d
- SHA256
  
  865ee3d67afe1fd11fbb5906094d7fb9ed1712f53678d49edc092657bd46d816
- SHA512
  
  52b06d5df1655f179c96f2f9bf8be71e941bd811dd89ad54ec2b780b9b6fc5bd5c768de4961e3904fd62bce0c576c136eb5b294575c350f15b10f26a996022ca
- SSDEEP
  
  3072:YkYprM/xfKhNDbqWfHjghSWAif82nLW6jN:0YKhNDbTghSWAifHd
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy