xtremerat | 00b6d246e604938c9f4bc75e0caf3ce9458fea0d68d43f053873efc30f598da0 | Triage

Submit
Reports

Overview

overview

Static

static

00bfccc191...18.exe

windows7-x64

00bfccc191...18.exe

windows10-2004-x64

Sharing

General

Target

00bfccc191d11623f0657ad43acbc1ca_JaffaCakes118
Size

75KB
Sample

240619-1wy4msxhrq
MD5

00bfccc191d11623f0657ad43acbc1ca
SHA1

2275417f792f4e2ac4c037459563681410d05cae
SHA256

00b6d246e604938c9f4bc75e0caf3ce9458fea0d68d43f053873efc30f598da0
SHA512

c9a52f47b0e15c1ff9c2c501e695c6d0c0c515f4ac528468b3e49c03a9fc579e1efaa448a308ffa9bf64eff7a492ea45254ff8001e62b11365c5e99242b57dbe
SSDEEP

768:dE9hghdN12Ozhiow2Gkm6+c3/6jzog/ZOp69XV2wX:du+zMOlw2GkmS3yXot+F2w

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

00bfccc191d11623f0657ad43acbc1ca_JaffaCakes118.exe

Resource

win7-20240611-en

xtremerat persistence rat spyware upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

00bfccc191d11623f0657ad43acbc1ca_JaffaCakes118.exe

Resource

win10v2004-20240611-en

xtremerat persistence rat spyware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  00bfccc191d11623f0657ad43acbc1ca_JaffaCakes118
- Size
  
  75KB
- MD5
  
  00bfccc191d11623f0657ad43acbc1ca
- SHA1
  
  2275417f792f4e2ac4c037459563681410d05cae
- SHA256
  
  00b6d246e604938c9f4bc75e0caf3ce9458fea0d68d43f053873efc30f598da0
- SHA512
  
  c9a52f47b0e15c1ff9c2c501e695c6d0c0c515f4ac528468b3e49c03a9fc579e1efaa448a308ffa9bf64eff7a492ea45254ff8001e62b11365c5e99242b57dbe
- SSDEEP
  
  768:dE9hghdN12Ozhiow2Gkm6+c3/6jzog/ZOp69XV2wX:du+zMOlw2GkmS3yXot+F2w
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy