xtremerat | 9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb | Triage

Submit
Reports

Overview

overview

Static

static

9511bc4797...cb.exe

windows7-x64

9511bc4797...cb.exe

windows10-2004-x64

5

Sharing

General

Target

9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb
Size

106KB
Sample

221204-c2g6bahh25
MD5

d40f3860f368a7aba9042c64a81f976a
SHA1

6118d1a559aa28d5cfab82a6bffb7f32b345cc5b
SHA256

9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb
SHA512

c751fdbb4507a9a96876f049ed6a4676913d73167832c7f558b255d875a32787cbaaf2b0b8eca42b7d305a4f0b9e4833bc42b9ae14b18be7440e5ad8e0fd77b1
SSDEEP

1536:UMv0eWxcv2LAxM4yPp33eDdhoh8SHtNTIT2wRbsbGShrIqP6B/PhMGub8jbrhwH:UM8Zam4c3uZhPSNNKRbsbDIYEtbdw

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb.exe

Resource

win7-20220812-en

xtremerat persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

ripcurl32.no-ip.biz

Targets

- Target
  
  9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb
- Size
  
  106KB
- MD5
  
  d40f3860f368a7aba9042c64a81f976a
- SHA1
  
  6118d1a559aa28d5cfab82a6bffb7f32b345cc5b
- SHA256
  
  9511bc47977109523305355c4988d36bce5ae31f137415fead22f1a99a0956cb
- SHA512
  
  c751fdbb4507a9a96876f049ed6a4676913d73167832c7f558b255d875a32787cbaaf2b0b8eca42b7d305a4f0b9e4833bc42b9ae14b18be7440e5ad8e0fd77b1
- SSDEEP
  
  1536:UMv0eWxcv2LAxM4yPp33eDdhoh8SHtNTIT2wRbsbGShrIqP6B/PhMGub8jbrhwH:UM8Zam4c3uZhPSNNKRbsbDIYEtbdw
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

© 2018-2025

Terms | Privacy