xtremerat | 40248f33d959495f8f7b35c15f1858a31d874ef3366f2bd6f624138ea6d4b70a | Triage

Submit
Reports

Overview

overview

Static

static

3

ecbbeb93d6...18.exe

windows7-x64

ecbbeb93d6...18.exe

windows10-2004-x64

Sharing

General

Target

ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118
Size

301KB
Sample

240411-fv871adb27
MD5

ecbbeb93d61f0d6fd5b002749e4acd3b
SHA1

b13339519df07c12ef58704623d7f923e6086a78
SHA256

40248f33d959495f8f7b35c15f1858a31d874ef3366f2bd6f624138ea6d4b70a
SHA512

35921ea2c73d4a81837d5d112d49d1f5cb922a63f8e4a87ebc1ad4ac2795369fa35478262c1e9146cdf36ac72e22dd6508825322b02a569c579f2948ef7ac137
SSDEEP

6144:ouwcImdB0feFQ4cV4PyVQMPOQztf3Dbpj1nZAbos/Fu28Ah:oJKd694PyVQ2tf/7nXs/Fnb

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

antonio130.no-ip.org

Targets

- Target
  
  ecbbeb93d61f0d6fd5b002749e4acd3b_JaffaCakes118
- Size
  
  301KB
- MD5
  
  ecbbeb93d61f0d6fd5b002749e4acd3b
- SHA1
  
  b13339519df07c12ef58704623d7f923e6086a78
- SHA256
  
  40248f33d959495f8f7b35c15f1858a31d874ef3366f2bd6f624138ea6d4b70a
- SHA512
  
  35921ea2c73d4a81837d5d112d49d1f5cb922a63f8e4a87ebc1ad4ac2795369fa35478262c1e9146cdf36ac72e22dd6508825322b02a569c579f2948ef7ac137
- SSDEEP
  
  6144:ouwcImdB0feFQ4cV4PyVQMPOQztf3Dbpj1nZAbos/Fu28Ah:oJKd694PyVQ2tf/7nXs/Fnb
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy