xtremerat | e9816aabd7285688210a208c575924006a302ed90b19f2cfd0c96867e3419204 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9816aabd7285688210a208c575924006a302ed90b19f2cfd0c96867e3419204
Size

60KB
Sample

221201-kywtasgc4v
MD5

8527d1db4d60187612b5b04710918d62
SHA1

024b1417b7c1b2eacff0ecb5323e3b5609be1e18
SHA256

e9816aabd7285688210a208c575924006a302ed90b19f2cfd0c96867e3419204
SHA512

be0e6ef4fb69b67f75e7ec798ea3681a153d868ace7c85f440cd948074dd89f6a94c1d8ae693571a9967a920a1a3eef90b12f700545eed0fc1f19f50d3394f4e
SSDEEP

768:z3s+6jF/90iYiW1jQU9zKgEFQDqkldnBnibh9fOgKHc0S8YzXBBS8YzXB5zokH6:Lng4v1j1PEFQDqkFibT+UFruFrvoH

Score

10^/10

xtremerat persistence rat spyware

Malware Config

Targets

- Target
  
  e9816aabd7285688210a208c575924006a302ed90b19f2cfd0c96867e3419204
- Size
  
  60KB
- MD5
  
  8527d1db4d60187612b5b04710918d62
- SHA1
  
  024b1417b7c1b2eacff0ecb5323e3b5609be1e18
- SHA256
  
  e9816aabd7285688210a208c575924006a302ed90b19f2cfd0c96867e3419204
- SHA512
  
  be0e6ef4fb69b67f75e7ec798ea3681a153d868ace7c85f440cd948074dd89f6a94c1d8ae693571a9967a920a1a3eef90b12f700545eed0fc1f19f50d3394f4e
- SSDEEP
  
  768:z3s+6jF/90iYiW1jQU9zKgEFQDqkldnBnibh9fOgKHc0S8YzXBBS8YzXB5zokH6:Lng4v1j1PEFQDqkFibT+UFruFrvoH
Score

10^/10

xtremerat persistence rat spyware
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2