xtremerat | 3284a173e589b196130a10eb56183e4293bfb8e2e12938fe8c03e3134f3e6dbe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ed8b4f73f5...18.exe

windows7-x64

ed8b4f73f5...18.exe

windows10-2004-x64

Sharing

General

Target

ed8b4f73f551891b781a74365549a514_JaffaCakes118
Size

1.0MB
Sample

240411-qvdffacd93
MD5

ed8b4f73f551891b781a74365549a514
SHA1

be21daeddeca6a221e10c25753f24799fbf7b345
SHA256

3284a173e589b196130a10eb56183e4293bfb8e2e12938fe8c03e3134f3e6dbe
SHA512

547b222a9f634e2c520ad46f22b963b75641d945c9eb83aa690a5cca741f4509e73495a4c6944fdfbda40b7b05e1c049a2019d067308be88b5a65b6ab9c2d601
SSDEEP

24576:Xbmc/W0LYQribz44VybwhuM5ekfgHXMLU/ytvb0k9kIa2:X6kW00QR5U5TU0U/yVb0k+Ia2

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ed8b4f73f551891b781a74365549a514_JaffaCakes118.exe

Resource

win7-20240215-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed8b4f73f551891b781a74365549a514_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

123boof.no-ip.org

Targets

- Target
  
  ed8b4f73f551891b781a74365549a514_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  ed8b4f73f551891b781a74365549a514
- SHA1
  
  be21daeddeca6a221e10c25753f24799fbf7b345
- SHA256
  
  3284a173e589b196130a10eb56183e4293bfb8e2e12938fe8c03e3134f3e6dbe
- SHA512
  
  547b222a9f634e2c520ad46f22b963b75641d945c9eb83aa690a5cca741f4509e73495a4c6944fdfbda40b7b05e1c049a2019d067308be88b5a65b6ab9c2d601
- SSDEEP
  
  24576:Xbmc/W0LYQribz44VybwhuM5ekfgHXMLU/ytvb0k9kIa2:X6kW00QR5U5TU0U/yVb0k+Ia2
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy