xtremerat | 735b71185875369df7ce0a10b5ec5406b387bb15aea870e54074be35330e4782 | Triage

Submit
Reports

Overview

overview

Static

static

3

e0bff9dee5...5a.exe

windows7-x64

e0bff9dee5...5a.exe

windows10-2004-x64

Sharing

General

Target

e0bff9dee51b34004b7f60c45c72275a
Size

49KB
Sample

240327-ew1ftaff2x
MD5

e0bff9dee51b34004b7f60c45c72275a
SHA1

d51da51a598b247be0c568a0bd3e1ce7cc903c1c
SHA256

735b71185875369df7ce0a10b5ec5406b387bb15aea870e54074be35330e4782
SHA512

2ba9e4b445518d0031ca95e76c6390accdcb04dcb5b11d4f57d1e1613e68844760b1c94a2da508794586ed4cad0f5dddf4e465349bfe5159a58d9e0ab898035b
SSDEEP

768:bZOHoR5H/z3eKQSWFzxG6pEAihXCHMsF8ltMxuvsMgbVxFsfWTaCO25ij:leo//Q9LRv39uvt8VYfuaCij

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e0bff9dee51b34004b7f60c45c72275a.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e0bff9dee51b34004b7f60c45c72275a.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0bff9dee51b34004b7f60c45c72275a
- Size
  
  49KB
- MD5
  
  e0bff9dee51b34004b7f60c45c72275a
- SHA1
  
  d51da51a598b247be0c568a0bd3e1ce7cc903c1c
- SHA256
  
  735b71185875369df7ce0a10b5ec5406b387bb15aea870e54074be35330e4782
- SHA512
  
  2ba9e4b445518d0031ca95e76c6390accdcb04dcb5b11d4f57d1e1613e68844760b1c94a2da508794586ed4cad0f5dddf4e465349bfe5159a58d9e0ab898035b
- SSDEEP
  
  768:bZOHoR5H/z3eKQSWFzxG6pEAihXCHMsF8ltMxuvsMgbVxFsfWTaCO25ij:leo//Q9LRv39uvt8VYfuaCij
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy