xtremerat | 57d1cad67b4e7bdfb6ddd4bf5463c5aa614f1ac716bb3ef2e0177715c91e2e18 | Triage

Submit
Reports

Overview

overview

Static

static

3

f7fd62bc8e...18.exe

windows7-x64

f7fd62bc8e...18.exe

windows10-2004-x64

Sharing

General

Target

f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118
Size

96KB
Sample

240418-pmpytseb7v
MD5

f7fd62bc8ea8d33b6de88d70efc3939d
SHA1

e718851000559e67c3dc8b0d8fc80a4d66037d95
SHA256

57d1cad67b4e7bdfb6ddd4bf5463c5aa614f1ac716bb3ef2e0177715c91e2e18
SHA512

99badc0f70ca9408cd9263e13c4b68c57ada52a371c1a61690063fe3f6df11c742cbda4214220b3230287084b5c2e1a5d6281fe180fdcc243ae20afa02058b8a
SSDEEP

1536:NfEUHeDF9gpI35hXsLdCWWdWzK4Q4f/TXWarz3GThv:NfE8EupGXs9W49bWqrGlv

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xtremerat persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

dannymatrix.no-ip.org

Targets

- Target
  
  f7fd62bc8ea8d33b6de88d70efc3939d_JaffaCakes118
- Size
  
  96KB
- MD5
  
  f7fd62bc8ea8d33b6de88d70efc3939d
- SHA1
  
  e718851000559e67c3dc8b0d8fc80a4d66037d95
- SHA256
  
  57d1cad67b4e7bdfb6ddd4bf5463c5aa614f1ac716bb3ef2e0177715c91e2e18
- SHA512
  
  99badc0f70ca9408cd9263e13c4b68c57ada52a371c1a61690063fe3f6df11c742cbda4214220b3230287084b5c2e1a5d6281fe180fdcc243ae20afa02058b8a
- SSDEEP
  
  1536:NfEUHeDF9gpI35hXsLdCWWdWzK4Q4f/TXWarz3GThv:NfE8EupGXs9W49bWqrGlv
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy