xtremerat | fb5b66d698b22741a37a184f854a433fcc8100b31fbc36cd3504db8df4a0e32a | Triage

Submit
Reports

Overview

overview

Static

static

3

efa842eaaa...18.exe

windows7-x64

efa842eaaa...18.exe

windows10-2004-x64

Sharing

General

Target

efa842eaaab203a58905b990cf6355ed_JaffaCakes118
Size

384KB
Sample

240414-2dq6rafe56
MD5

efa842eaaab203a58905b990cf6355ed
SHA1

1d806019bc8c344ba7e702c20dbed6a120a216fb
SHA256

fb5b66d698b22741a37a184f854a433fcc8100b31fbc36cd3504db8df4a0e32a
SHA512

daf3227c75ec65bc11f94bb6931b1f51e1103cf4df60f1a5068401f7f230f905f05358b1c96f24a05d96a5f8557a4c8aa02d8746e3cccf0ecb5269603730fcfc
SSDEEP

3072:QI24SkDDRU/bLtDaN4UbqgQKYOZFLvy5n8xzKzJMG+UUXt2n/M+mrjtlJZ9Vi4KC:boiDKEt2n/M+WJ/04KLmqdx

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

efa842eaaab203a58905b990cf6355ed_JaffaCakes118.exe

Resource

win7-20240319-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

efa842eaaab203a58905b990cf6355ed_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xtremerat persistence rat spyware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  efa842eaaab203a58905b990cf6355ed_JaffaCakes118
- Size
  
  384KB
- MD5
  
  efa842eaaab203a58905b990cf6355ed
- SHA1
  
  1d806019bc8c344ba7e702c20dbed6a120a216fb
- SHA256
  
  fb5b66d698b22741a37a184f854a433fcc8100b31fbc36cd3504db8df4a0e32a
- SHA512
  
  daf3227c75ec65bc11f94bb6931b1f51e1103cf4df60f1a5068401f7f230f905f05358b1c96f24a05d96a5f8557a4c8aa02d8746e3cccf0ecb5269603730fcfc
- SSDEEP
  
  3072:QI24SkDDRU/bLtDaN4UbqgQKYOZFLvy5n8xzKzJMG+UUXt2n/M+mrjtlJZ9Vi4KC:boiDKEt2n/M+WJ/04KLmqdx
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy