xtremerat | 5001b90597810359564614449589d00f9893845cc2a0a1ba189a4b8dc6f85afc | Triage

Submit
Reports

Overview

overview

Static

static

7

e315b3d3e4...18.exe

windows7-x64

e315b3d3e4...18.exe

windows10-2004-x64

Sharing

General

Target

e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118
Size

180KB
Sample

240406-xzgrzshc63
MD5

e315b3d3e47bf4dc0c87d6c3b652e3fd
SHA1

eada9af08cbc8e8007581bcc3bc12f3b37cec033
SHA256

5001b90597810359564614449589d00f9893845cc2a0a1ba189a4b8dc6f85afc
SHA512

c07efac0f0cb512475f66a76ce5b617a4b1f369d2078c2e764734548cd1a62819b6ce258559a7bb9d333c8288a7c39ae2818f8d41def99f866f7acec5d6d393a
SSDEEP

768:6MnIqgFMg9dvtRKLltgqzGPwPIUn0nrWWWFGjx/bPriUWUGTxFbPrlpWPGyxebPe:6a09yltH3P5n0n6WWFgPWUmPWPQ

Score

10^/10

xtremerat aspackv2 persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118.exe

Resource

win7-20240220-en

xtremerat aspackv2 persistence rat spyware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118.exe

Resource

win10v2004-20231215-en

xtremerat aspackv2 persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

momo44.no-ip.biz

Targets

- Target
  
  e315b3d3e47bf4dc0c87d6c3b652e3fd_JaffaCakes118
- Size
  
  180KB
- MD5
  
  e315b3d3e47bf4dc0c87d6c3b652e3fd
- SHA1
  
  eada9af08cbc8e8007581bcc3bc12f3b37cec033
- SHA256
  
  5001b90597810359564614449589d00f9893845cc2a0a1ba189a4b8dc6f85afc
- SHA512
  
  c07efac0f0cb512475f66a76ce5b617a4b1f369d2078c2e764734548cd1a62819b6ce258559a7bb9d333c8288a7c39ae2818f8d41def99f866f7acec5d6d393a
- SSDEEP
  
  768:6MnIqgFMg9dvtRKLltgqzGPwPIUn0nrWWWFGjx/bPriUWUGTxFbPrlpWPGyxebPe:6a09yltH3P5n0n6WWFgPWUmPWPQ
Score

10^/10

xtremerat aspackv2 persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremerataspackv2persistenceratspyware

behavioral2

xtremerataspackv2persistenceratspyware

© 2018-2024

Terms | Privacy