xtremerat | c59f63a6ac9ac434dd9e414e9a088a3196c9a6a9756ff087034eae49fd08a676 | Triage

Submit
Reports

Overview

overview

Static

static

3

e52157c7d5...18.exe

windows7-x64

e52157c7d5...18.exe

windows10-2004-x64

Sharing

General

Target

e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118
Size

377KB
Sample

240407-rn53jsec9z
MD5

e52157c7d5b90e4cb0a526920f9c4bba
SHA1

7cb4d04789929ddbd2328b6ae155dd778a30b7c2
SHA256

c59f63a6ac9ac434dd9e414e9a088a3196c9a6a9756ff087034eae49fd08a676
SHA512

9eebf6523a9ee21699e926bf6daa8d474564fc2520425fd0b3e7a187b1ec2a223d51a45680a201368e5cee2133b883d0e2d4a4c544006c1ffbdc938ae30feb9d
SSDEEP

6144:/2n8tZ8hI966AGkAjOpoaY7nEd/o5Z4HwK7MnDXPvMUKARegsaHJHTc8gNmEk:/2dq6xGJOpqbEu8GTPvMUjxdc8gNm

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118.exe

Resource

win10v2004-20240319-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

far3on.zapto.org

Targets

- Target
  
  e52157c7d5b90e4cb0a526920f9c4bba_JaffaCakes118
- Size
  
  377KB
- MD5
  
  e52157c7d5b90e4cb0a526920f9c4bba
- SHA1
  
  7cb4d04789929ddbd2328b6ae155dd778a30b7c2
- SHA256
  
  c59f63a6ac9ac434dd9e414e9a088a3196c9a6a9756ff087034eae49fd08a676
- SHA512
  
  9eebf6523a9ee21699e926bf6daa8d474564fc2520425fd0b3e7a187b1ec2a223d51a45680a201368e5cee2133b883d0e2d4a4c544006c1ffbdc938ae30feb9d
- SSDEEP
  
  6144:/2n8tZ8hI966AGkAjOpoaY7nEd/o5Z4HwK7MnDXPvMUKARegsaHJHTc8gNmEk:/2dq6xGJOpqbEu8GTPvMUjxdc8gNm
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy