xtremerat | ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce | Triage

Submit
Reports

Overview

overview

Static

static

ed19890e68...ce.exe

windows7-x64

ed19890e68...ce.exe

windows10-2004-x64

Sharing

General

Target

ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce
Size

108KB
Sample

221203-tvpegsfd59
MD5

235b427faf680f993abc1942f180bbde
SHA1

f376d85034e732df4c27365a514972001b0b0474
SHA256

ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce
SHA512

42eb7a8879e144d93269431083b405cdfed45a0cde78f59675cf8e81b2b126b12395f7ed0d9511bef33f6c13e8b50d595a6e2ddf31be58b8d7ccc686c2ba409d
SSDEEP

1536:6YTx/EFizHrIksvsYEIwZGhB7H2X/QuPNPlqwAmLOqIxDh871vNNlzx:62LIFP7WX7lqw5OqCh6xp

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce.exe

Resource

win10v2004-20220812-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

\Users\richard\AppData\Roaming\Microsoft\linep.no-ip.org

Targets

- Target
  
  ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce
- Size
  
  108KB
- MD5
  
  235b427faf680f993abc1942f180bbde
- SHA1
  
  f376d85034e732df4c27365a514972001b0b0474
- SHA256
  
  ed19890e682b425e2e793e6d50d2007fbc972d99d1a59bdf84dac85efc5b56ce
- SHA512
  
  42eb7a8879e144d93269431083b405cdfed45a0cde78f59675cf8e81b2b126b12395f7ed0d9511bef33f6c13e8b50d595a6e2ddf31be58b8d7ccc686c2ba409d
- SSDEEP
  
  1536:6YTx/EFizHrIksvsYEIwZGhB7H2X/QuPNPlqwAmLOqIxDh871vNNlzx:62LIFP7WX7lqw5OqCh6xp
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy