xtremerat | c01c3e39933ccfedaf1d766903232ada996f71ee79187a2cb420219000c97d21 | Triage

Submit
Reports

Overview

overview

Static

static

a8b06620e9...18.exe

windows7-x64

a8b06620e9...18.exe

windows10-2004-x64

Sharing

General

Target

a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118
Size

45KB
Sample

240614-j5ye2asaqe
MD5

a8b06620e9629037953a3a5bc07a0b60
SHA1

08c35cd4abf5e0945182079e24ec190d97225775
SHA256

c01c3e39933ccfedaf1d766903232ada996f71ee79187a2cb420219000c97d21
SHA512

042cfac252c4ceb55b9b7e5fb7f23d5686c4b3aeca68b2b093a3dce78d29f89f66745e685a9cefdb07db1dcf69a2daaa4286af185a2f9cc6040d3cbc5c0b9b50
SSDEEP

768:DBr+tjFKsusi02s2VzfoFTrS75YAU074/uhXtYCpP0zo3rI:tyRQsiNVzwFfS75YAU08mhX5co7I

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118.exe

Resource

win7-20240611-en

xtremerat persistence rat spyware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

wesam.no-ip.org

slator.com

Targets

- Target
  
  a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118
- Size
  
  45KB
- MD5
  
  a8b06620e9629037953a3a5bc07a0b60
- SHA1
  
  08c35cd4abf5e0945182079e24ec190d97225775
- SHA256
  
  c01c3e39933ccfedaf1d766903232ada996f71ee79187a2cb420219000c97d21
- SHA512
  
  042cfac252c4ceb55b9b7e5fb7f23d5686c4b3aeca68b2b093a3dce78d29f89f66745e685a9cefdb07db1dcf69a2daaa4286af185a2f9cc6040d3cbc5c0b9b50
- SSDEEP
  
  768:DBr+tjFKsusi02s2VzfoFTrS75YAU074/uhXtYCpP0zo3rI:tyRQsiNVzwFfS75YAU08mhX5co7I
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy