xtremerat | 5a7006def138c9b6eb1c71294f65c76b9b91ea2ed010f1854f1286fc5e6ec19b | Triage

Submit
Reports

Overview

overview

Static

static

3

eca542c1e3...18.exe

windows7-x64

eca542c1e3...18.exe

windows10-2004-x64

Sharing

General

Target

eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118
Size

101KB
Sample

240411-evta4sca73
MD5

eca542c1e38e0450e855d9cbb66e84e3
SHA1

232b969cd81831a87a80dd15eb708032eacddaf7
SHA256

5a7006def138c9b6eb1c71294f65c76b9b91ea2ed010f1854f1286fc5e6ec19b
SHA512

5445222b001c252fc520074f7a0deb0db4081c4d959f061400bd3974f77ab753edb3602b7d27ec5db34f02016d92bcb610d8e12355d0615b584a4611ad0540d3
SSDEEP

1536:h5e9TOXZmOy2F9q0adirLKlTkHJE4UkWgIVPRRVouCJU:hw9TMZmz2GirLKuH6VxX

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118.exe

Resource

win7-20240215-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

harshgupta.zapto.org

Targets

- Target
  
  eca542c1e38e0450e855d9cbb66e84e3_JaffaCakes118
- Size
  
  101KB
- MD5
  
  eca542c1e38e0450e855d9cbb66e84e3
- SHA1
  
  232b969cd81831a87a80dd15eb708032eacddaf7
- SHA256
  
  5a7006def138c9b6eb1c71294f65c76b9b91ea2ed010f1854f1286fc5e6ec19b
- SHA512
  
  5445222b001c252fc520074f7a0deb0db4081c4d959f061400bd3974f77ab753edb3602b7d27ec5db34f02016d92bcb610d8e12355d0615b584a4611ad0540d3
- SSDEEP
  
  1536:h5e9TOXZmOy2F9q0adirLKlTkHJE4UkWgIVPRRVouCJU:hw9TMZmz2GirLKuH6VxX
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy