xtremerat | 1dc9d1b003e885b7f06ee33955fc56455df41c5bf8748aa0e76e8a0fc7b37c4f | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.ede32...43.exe

windows7-x64

NEAS.ede32...43.exe

windows10-2004-x64

Sharing

General

Target

NEAS.ede321ceaf563429f6738fd172937f43.exe
Size

42KB
Sample

231104-s2ggsacb4v
MD5

ede321ceaf563429f6738fd172937f43
SHA1

c2ab1b887f6799a7ab4f74a71a6d83039f30c42c
SHA256

1dc9d1b003e885b7f06ee33955fc56455df41c5bf8748aa0e76e8a0fc7b37c4f
SHA512

6e52fb09309d376cfb15fff16c3e2c7397cf2f07e1427a9d345c3bd356a2d933a16df7773589b6c30225af2b93396f50a29487fc3596f163f467bfa76813c180
SSDEEP

384:u3S1M6XizUkyeMdN/oNIjzqQ0YOPHXBJPcJqfeRBRXLJJtqsr4eGWG9ELJcSVjEc:u4egZtpjuTZsy8RXLbUKFqjC9PjzoI

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

NEAS.ede321ceaf563429f6738fd172937f43.exe

Resource

win7-20231023-en

xtremerat persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.ede321ceaf563429f6738fd172937f43.exe

Resource

win10v2004-20231023-en

xtremerat persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.ede321ceaf563429f6738fd172937f43.exe
- Size
  
  42KB
- MD5
  
  ede321ceaf563429f6738fd172937f43
- SHA1
  
  c2ab1b887f6799a7ab4f74a71a6d83039f30c42c
- SHA256
  
  1dc9d1b003e885b7f06ee33955fc56455df41c5bf8748aa0e76e8a0fc7b37c4f
- SHA512
  
  6e52fb09309d376cfb15fff16c3e2c7397cf2f07e1427a9d345c3bd356a2d933a16df7773589b6c30225af2b93396f50a29487fc3596f163f467bfa76813c180
- SSDEEP
  
  384:u3S1M6XizUkyeMdN/oNIjzqQ0YOPHXBJPcJqfeRBRXLJJtqsr4eGWG9ELJcSVjEc:u4egZtpjuTZsy8RXLbUKFqjC9PjzoI
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy