xtremerat | e0f00a909c84ca44cf2af2c13c9f1aed50e1a8fdeedea378828220769ad4a4c9 | Triage

Submit
Reports

Overview

overview

Static

static

3

f175c34c3f...18.exe

windows7-x64

f175c34c3f...18.exe

windows10-2004-x64

Sharing

General

Target

f175c34c3f9120231b103bd0ef6e13f1_JaffaCakes118
Size

320KB
Sample

240415-tl5ecaae85
MD5

f175c34c3f9120231b103bd0ef6e13f1
SHA1

9e4b84399bf23e45e64f0fc6f4edc011462ad4f8
SHA256

e0f00a909c84ca44cf2af2c13c9f1aed50e1a8fdeedea378828220769ad4a4c9
SHA512

c303e0e9d37088ae545d175769c09847622824f196f8691963e3df9a644be9c82cfebe3c14d71069653193ef4791801b503c7148349f94fea11c96a96577cfad
SSDEEP

1536:rwPGSmhCmW7G/K+BX7Fd2dKJQmE8H2Xv04gnACskYPrx9GDgw/PVQ:UGSkX/K+BX7pJ/mvQzskYPrx9GDlC

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f175c34c3f9120231b103bd0ef6e13f1_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f175c34c3f9120231b103bd0ef6e13f1_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  f175c34c3f9120231b103bd0ef6e13f1_JaffaCakes118
- Size
  
  320KB
- MD5
  
  f175c34c3f9120231b103bd0ef6e13f1
- SHA1
  
  9e4b84399bf23e45e64f0fc6f4edc011462ad4f8
- SHA256
  
  e0f00a909c84ca44cf2af2c13c9f1aed50e1a8fdeedea378828220769ad4a4c9
- SHA512
  
  c303e0e9d37088ae545d175769c09847622824f196f8691963e3df9a644be9c82cfebe3c14d71069653193ef4791801b503c7148349f94fea11c96a96577cfad
- SSDEEP
  
  1536:rwPGSmhCmW7G/K+BX7Fd2dKJQmE8H2Xv04gnACskYPrx9GDgw/PVQ:UGSkX/K+BX7pJ/mvQzskYPrx9GDlC
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy