xtremerat | 03dc1456445a8bd1cf24ed1d4531982484ffa763f9227c94365de95bf51d79c5 | Triage

Submit
Reports

Overview

overview

Static

static

3

fc0ca5da65...18.exe

windows7-x64

fc0ca5da65...18.exe

windows10-2004-x64

Sharing

General

Target

fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118
Size

218KB
Sample

240420-gea6pshh77
MD5

fc0ca5da65627a7d59a44bfb8dbdc29e
SHA1

43ed78c1cbd951697068b6430b3eb0461cacece5
SHA256

03dc1456445a8bd1cf24ed1d4531982484ffa763f9227c94365de95bf51d79c5
SHA512

7ba5388f6121fe7be374c8b9e443d4d5d8fcbb9ae23ca7a5b07a903bf6a59679ce326431096728afb92d952dbf3690637ac59b096c8adfa4f3a67d4c3de0447c
SSDEEP

3072:EMsPZyn4bP26TbSnpKruoByI6N5bH2VBsXbfPSqVo+OYZMd1TToKPx0Xcy7lOs9J:5kPfunpOPyIgWTsXbfKqGRkKPO7fxvB

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

zapata36.zapto.org

Targets

- Target
  
  fc0ca5da65627a7d59a44bfb8dbdc29e_JaffaCakes118
- Size
  
  218KB
- MD5
  
  fc0ca5da65627a7d59a44bfb8dbdc29e
- SHA1
  
  43ed78c1cbd951697068b6430b3eb0461cacece5
- SHA256
  
  03dc1456445a8bd1cf24ed1d4531982484ffa763f9227c94365de95bf51d79c5
- SHA512
  
  7ba5388f6121fe7be374c8b9e443d4d5d8fcbb9ae23ca7a5b07a903bf6a59679ce326431096728afb92d952dbf3690637ac59b096c8adfa4f3a67d4c3de0447c
- SSDEEP
  
  3072:EMsPZyn4bP26TbSnpKruoByI6N5bH2VBsXbfPSqVo+OYZMd1TToKPx0Xcy7lOs9J:5kPfunpOPyIgWTsXbfKqGRkKPO7fxvB
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy