xtremerat | 6c56dcbf1fbed0067ae5fdc90e2ca1399c535948c66f0cdcf26391a1fa1b8d5c | Triage

Submit
Reports

Overview

overview

Static

static

3

fe1a4c3879...18.exe

windows7-x64

fe1a4c3879...18.exe

windows10-2004-x64

Sharing

General

Target

fe1a4c3879694c969a4967b32c175d83_JaffaCakes118
Size

892KB
Sample

240421-bskdmsfd43
MD5

fe1a4c3879694c969a4967b32c175d83
SHA1

0b5bb4d1b9f312a759d045a22e1506a6be1a8a84
SHA256

6c56dcbf1fbed0067ae5fdc90e2ca1399c535948c66f0cdcf26391a1fa1b8d5c
SHA512

aef3712ed7f15e344d99242375d38f6fda15d39e2efc68b5e3c0d4b4ec9d5a16b0e43c8302c76d57f8f47ac1a63102e50f8fe9f3dfba48bed3afbb3b21aeba6b
SSDEEP

3072:F14N2LlvNVZ98BPQd7xaYzO1v9em06TivuX:F1UslvHP8BPHt9d

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe1a4c3879694c969a4967b32c175d83_JaffaCakes118.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe1a4c3879694c969a4967b32c175d83_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

noodse.zapto.org

Targets

- Target
  
  fe1a4c3879694c969a4967b32c175d83_JaffaCakes118
- Size
  
  892KB
- MD5
  
  fe1a4c3879694c969a4967b32c175d83
- SHA1
  
  0b5bb4d1b9f312a759d045a22e1506a6be1a8a84
- SHA256
  
  6c56dcbf1fbed0067ae5fdc90e2ca1399c535948c66f0cdcf26391a1fa1b8d5c
- SHA512
  
  aef3712ed7f15e344d99242375d38f6fda15d39e2efc68b5e3c0d4b4ec9d5a16b0e43c8302c76d57f8f47ac1a63102e50f8fe9f3dfba48bed3afbb3b21aeba6b
- SSDEEP
  
  3072:F14N2LlvNVZ98BPQd7xaYzO1v9em06TivuX:F1UslvHP8BPHt9d
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy