xtremerat | 9768e004105a7fbdff97a5fdbadf05d23e0f404b5ffb8580c332108a1227d639 | Triage

Submit
Reports

Overview

overview

Static

static

3

ea5a0fe7f1...18.exe

windows7-x64

ea5a0fe7f1...18.exe

windows10-2004-x64

Sharing

General

Target

ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118
Size

94KB
Sample

240409-tapjraeg8y
MD5

ea5a0fe7f15672f1b24560513b82c616
SHA1

b80f5aec460266ad03a507b4b57bec7f21a4da65
SHA256

9768e004105a7fbdff97a5fdbadf05d23e0f404b5ffb8580c332108a1227d639
SHA512

0260a332e5cf2a7659ee45ac5d892eb5be046e8dfc28b9b6b0667a3024f1b966a10c4b1779e640bd816a30b7adb53a5bc0ad421ceef1db6ca98a22727e9176e8
SSDEEP

1536:zHw+A9jYNMCHrrMPIE+VWL4zu/7ogBLj2amChjQG7NpgFg8FKY7cj:TY5QHrrNE+Vi/Np2aBd7YgiK/j

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118.exe

Resource

win7-20240220-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

boika.zapto.org

Targets

- Target
  
  ea5a0fe7f15672f1b24560513b82c616_JaffaCakes118
- Size
  
  94KB
- MD5
  
  ea5a0fe7f15672f1b24560513b82c616
- SHA1
  
  b80f5aec460266ad03a507b4b57bec7f21a4da65
- SHA256
  
  9768e004105a7fbdff97a5fdbadf05d23e0f404b5ffb8580c332108a1227d639
- SHA512
  
  0260a332e5cf2a7659ee45ac5d892eb5be046e8dfc28b9b6b0667a3024f1b966a10c4b1779e640bd816a30b7adb53a5bc0ad421ceef1db6ca98a22727e9176e8
- SSDEEP
  
  1536:zHw+A9jYNMCHrrMPIE+VWL4zu/7ogBLj2amChjQG7NpgFg8FKY7cj:TY5QHrrNE+Vi/Np2aBd7YgiK/j
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy