xtremerat | 1ca47bfdd246a8fa3539f12fdb6805203779fc8990ec14922f76822aa7d3a026 | Triage

Submit
Reports

Overview

overview

Static

static

7

1075195887...82.exe

windows7-x64

1075195887...82.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

10751958871aa1a05353ab771f9f3d82
Size

93KB
Sample

231230-glxchsgfbk
MD5

10751958871aa1a05353ab771f9f3d82
SHA1

86fac3924d2fdea3b781adb585c4045f5ec0f0ee
SHA256

1ca47bfdd246a8fa3539f12fdb6805203779fc8990ec14922f76822aa7d3a026
SHA512

3e1f01f7cdbe7f8a16cff2b3c89bd6be131d997b4397d89b9524b2599ed69591b15e3f9d3e13f1e99c493f6e463f8e47e7974879ecc8950acfb983676cdcddbd
SSDEEP

1536:qdBs8iAqJuaOarNtWK1Y84rCmgvkkFQfcITcyhgLKLkqnYoe/P:Ay80JuaO6NJG84mbOfcIFhXLkqy/P

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

10751958871aa1a05353ab771f9f3d82.exe

Resource

win7-20231215-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

10751958871aa1a05353ab771f9f3d82.exe

Resource

win10v2004-20231215-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

jack-12.no-ip.org

Targets

- Target
  
  10751958871aa1a05353ab771f9f3d82
- Size
  
  93KB
- MD5
  
  10751958871aa1a05353ab771f9f3d82
- SHA1
  
  86fac3924d2fdea3b781adb585c4045f5ec0f0ee
- SHA256
  
  1ca47bfdd246a8fa3539f12fdb6805203779fc8990ec14922f76822aa7d3a026
- SHA512
  
  3e1f01f7cdbe7f8a16cff2b3c89bd6be131d997b4397d89b9524b2599ed69591b15e3f9d3e13f1e99c493f6e463f8e47e7974879ecc8950acfb983676cdcddbd
- SSDEEP
  
  1536:qdBs8iAqJuaOarNtWK1Y84rCmgvkkFQfcITcyhgLKLkqnYoe/P:Ay80JuaO6NJG84mbOfcIFhXLkqy/P
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy