xtremerat | 5579a050c744e49900d7e5d3cabbd61125a82da6bd7ff7e8e18f87fb50c2889e | Triage

Submit
Reports

Overview

overview

Static

static

5

7bbc50af11...cs.exe

windows7-x64

7bbc50af11...cs.exe

windows10-2004-x64

Sharing

General

Target

7bbc50af11ca46a958cecb2898884860_NeikiAnalytics.exe
Size

765KB
Sample

240531-hpvhrsbd36
MD5

7bbc50af11ca46a958cecb2898884860
SHA1

3acad220a592a55cf544462bfa9cda995d62145c
SHA256

5579a050c744e49900d7e5d3cabbd61125a82da6bd7ff7e8e18f87fb50c2889e
SHA512

d8f3b5deb8550f91caceb50c6de2d9fe7384ea2a45ded5a27535784376f185fe22213efd78692f6a0e58cd5f9bb781fdd0cb5f7b1e54e60ff9b9299e1d553687
SSDEEP

12288:ChkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a36Ph9y2d71YlRC:iRmJkcoQricOIQxiZY1ia0yY71YlE

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7bbc50af11ca46a958cecb2898884860_NeikiAnalytics.exe

Resource

win7-20240221-en

xtremerat persistence rat spyware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7bbc50af11ca46a958cecb2898884860_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  7bbc50af11ca46a958cecb2898884860_NeikiAnalytics.exe
- Size
  
  765KB
- MD5
  
  7bbc50af11ca46a958cecb2898884860
- SHA1
  
  3acad220a592a55cf544462bfa9cda995d62145c
- SHA256
  
  5579a050c744e49900d7e5d3cabbd61125a82da6bd7ff7e8e18f87fb50c2889e
- SHA512
  
  d8f3b5deb8550f91caceb50c6de2d9fe7384ea2a45ded5a27535784376f185fe22213efd78692f6a0e58cd5f9bb781fdd0cb5f7b1e54e60ff9b9299e1d553687
- SSDEEP
  
  12288:ChkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a36Ph9y2d71YlRC:iRmJkcoQricOIQxiZY1ia0yY71YlE
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy