xtremerat | 4aa74c09b33e85f7de851c4caf58f9cbec4f1ac6fdd1ed231e66e0a3335dd840 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

8fbaf88258...86.exe

windows7-x64

8fbaf88258...86.exe

windows10-2004-x64

Sharing

General

Target

8fbaf88258e1acee8e1c85cb1cd92386
Size

183KB
Sample

240204-vx6l8ahahk
MD5

8fbaf88258e1acee8e1c85cb1cd92386
SHA1

07375744c64ac222cb863088bb3897533ced6770
SHA256

4aa74c09b33e85f7de851c4caf58f9cbec4f1ac6fdd1ed231e66e0a3335dd840
SHA512

665a1e8cb3e9b2101aa6112ce46227aa0313978ddea5bad696d001bdcd70e9b0dc2c26c5a1894ca67b7e0ec16f6404ecc530cb84bc554194c3442940697efbe3
SSDEEP

3072:hBPe+2TmObY97TkP7r7QYz0vaRUU4I82pdwVP8KmDnYZUpyl+9R2uhYJ5jP:veTmOb0fC/WypdwVkK8nxxhe

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fbaf88258e1acee8e1c85cb1cd92386.exe

Resource

win7-20231215-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fbaf88258e1acee8e1c85cb1cd92386.exe

Resource

win10v2004-20231222-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

headnoip.zapto.org

Targets

- Target
  
  8fbaf88258e1acee8e1c85cb1cd92386
- Size
  
  183KB
- MD5
  
  8fbaf88258e1acee8e1c85cb1cd92386
- SHA1
  
  07375744c64ac222cb863088bb3897533ced6770
- SHA256
  
  4aa74c09b33e85f7de851c4caf58f9cbec4f1ac6fdd1ed231e66e0a3335dd840
- SHA512
  
  665a1e8cb3e9b2101aa6112ce46227aa0313978ddea5bad696d001bdcd70e9b0dc2c26c5a1894ca67b7e0ec16f6404ecc530cb84bc554194c3442940697efbe3
- SSDEEP
  
  3072:hBPe+2TmObY97TkP7r7QYz0vaRUU4I82pdwVP8KmDnYZUpyl+9R2uhYJ5jP:veTmOb0fC/WypdwVkK8nxxhe
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy