xtremerat | 90c73004a698704f7252c3f941323425610a49bf909f4ee3f1579897ac2ab474 | Triage

Submit
Reports

Overview

overview

Static

static

3

f7c8fb3e94...18.exe

windows7-x64

f7c8fb3e94...18.exe

windows10-2004-x64

1

Sharing

General

Target

f7c8fb3e941672208832623c00042d67_JaffaCakes118
Size

61KB
Sample

240418-mahb4sbd7t
MD5

f7c8fb3e941672208832623c00042d67
SHA1

1c24bdae294e044dff767256e180e000e78feef9
SHA256

90c73004a698704f7252c3f941323425610a49bf909f4ee3f1579897ac2ab474
SHA512

ac430bee2e37b66f6f1e31655350f33198af26fa96563a50490a1cc7cd825bfc3e764e4e72d6634d8099cb981bf9f0050663f5ff47e620d89ef3b6a4591779f3
SSDEEP

1536:OqMxCxZyzT81Rap5R8mkPWO79RPbovi036E:ONxCbB1RapHDdq9hW6E

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7c8fb3e941672208832623c00042d67_JaffaCakes118.exe

Resource

win7-20240215-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7c8fb3e941672208832623c00042d67_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mimmo86.no-ip.org

Targets

- Target
  
  f7c8fb3e941672208832623c00042d67_JaffaCakes118
- Size
  
  61KB
- MD5
  
  f7c8fb3e941672208832623c00042d67
- SHA1
  
  1c24bdae294e044dff767256e180e000e78feef9
- SHA256
  
  90c73004a698704f7252c3f941323425610a49bf909f4ee3f1579897ac2ab474
- SHA512
  
  ac430bee2e37b66f6f1e31655350f33198af26fa96563a50490a1cc7cd825bfc3e764e4e72d6634d8099cb981bf9f0050663f5ff47e620d89ef3b6a4591779f3
- SSDEEP
  
  1536:OqMxCxZyzT81Rap5R8mkPWO79RPbovi036E:ONxCbB1RapHDdq9hW6E
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

© 2018-2024

Terms | Privacy