xtremerat | 5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33 | Triage

Submit
Reports

Overview

overview

Static

static

5352dca0fb...33.exe

windows7-x64

5352dca0fb...33.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33
Size

21KB
Sample

221129-qpf95sch68
MD5

6ef8b723f274ba70e44f2ecf70a2737a
SHA1

5a10939c81e8e9d6f7dd56a7fc3feda13e89e7be
SHA256

5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33
SHA512

1f2f854ef5dfb7195ab6b892de897f709a3afd45eae6bd9d7ed510840c52210626b314409aa116aa636ab376832915dbab64a5ab5370674c64f5f775afc1dba1
SSDEEP

384:rtIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlckbzb8Q1ppLR:5IsF81fG9QveLOYTe5YiekT8o1

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33.exe

Resource

win10v2004-20220812-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

şᥨ⭨majaaz.zapto.org

씈majaaz.zapto.org

쀈majaaz.zapto.org

Targets

- Target
  
  5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33
- Size
  
  21KB
- MD5
  
  6ef8b723f274ba70e44f2ecf70a2737a
- SHA1
  
  5a10939c81e8e9d6f7dd56a7fc3feda13e89e7be
- SHA256
  
  5352dca0fb18c755d8ebe6b73b4fe5e1ff115b518fd61d0ac31f089ec6ab3e33
- SHA512
  
  1f2f854ef5dfb7195ab6b892de897f709a3afd45eae6bd9d7ed510840c52210626b314409aa116aa636ab376832915dbab64a5ab5370674c64f5f775afc1dba1
- SSDEEP
  
  384:rtIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNlckbzb8Q1ppLR:5IsF81fG9QveLOYTe5YiekT8o1
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy