xtremerat | 4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

4427b579ca...85.exe

windows7-x64

4427b579ca...85.exe

windows10-2004-x64

Sharing

General

Target

4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85
Size

141KB
Sample

221129-le461afd84
MD5

fed012a067d88de8813c44b0ae3c2d5a
SHA1

b8c874c10321058b3247850880329bfd294e4f91
SHA256

4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85
SHA512

0eb878ea3030d126b80cc7429127bed6775853084a02db4c435e91253fc5e569ee14529e332778215a064add33d4d05aefee5d5fd0dbaf8250a4b0e880fe6d04
SSDEEP

3072:RmVZ3bRZW2+dzaw0sMJttlUyFlI+e+RpOdKqWUuRj:aRDWB5A80I+svfuRj

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85.exe

Resource

win10v2004-20221111-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85
- Size
  
  141KB
- MD5
  
  fed012a067d88de8813c44b0ae3c2d5a
- SHA1
  
  b8c874c10321058b3247850880329bfd294e4f91
- SHA256
  
  4427b579ca5f236df5555b5a2081d4878bb87380f8454389be2ea7d93099df85
- SHA512
  
  0eb878ea3030d126b80cc7429127bed6775853084a02db4c435e91253fc5e569ee14529e332778215a064add33d4d05aefee5d5fd0dbaf8250a4b0e880fe6d04
- SSDEEP
  
  3072:RmVZ3bRZW2+dzaw0sMJttlUyFlI+e+RpOdKqWUuRj:aRDWB5A80I+svfuRj
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy