xtremerat | f44d867d2653e547b9988a37379d562437486802b310e0b15c22ab723c8a9555 | Triage

Submit
Reports

Overview

overview

Static

static

3

0d963ba57c...18.exe

windows7-x64

0d963ba57c...18.exe

windows10-2004-x64

Sharing

General

Target

0d963ba57cbc4a0ed501eec8eb8bca1f_JaffaCakes118
Size

324KB
Sample

240625-lnp4favfrj
MD5

0d963ba57cbc4a0ed501eec8eb8bca1f
SHA1

9d169af64d341b74d5839e33367bb3c6af79a481
SHA256

f44d867d2653e547b9988a37379d562437486802b310e0b15c22ab723c8a9555
SHA512

395377390f8f5841bc547d1366025c50fe6801258c1a1d326f5902328f31675b5889ff6592735208b201530a23bf3c62ab82c12c4ffa3dba4409dd2c7af0759e
SSDEEP

3072:emMm3mUGV3i7/tqJpBA/doPS3K15mShsng2:emu9A/doq3K1Dh

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0d963ba57cbc4a0ed501eec8eb8bca1f_JaffaCakes118.exe

Resource

win7-20240508-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d963ba57cbc4a0ed501eec8eb8bca1f_JaffaCakes118.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

moon2009us.linkpc.net

Targets

- Target
  
  0d963ba57cbc4a0ed501eec8eb8bca1f_JaffaCakes118
- Size
  
  324KB
- MD5
  
  0d963ba57cbc4a0ed501eec8eb8bca1f
- SHA1
  
  9d169af64d341b74d5839e33367bb3c6af79a481
- SHA256
  
  f44d867d2653e547b9988a37379d562437486802b310e0b15c22ab723c8a9555
- SHA512
  
  395377390f8f5841bc547d1366025c50fe6801258c1a1d326f5902328f31675b5889ff6592735208b201530a23bf3c62ab82c12c4ffa3dba4409dd2c7af0759e
- SSDEEP
  
  3072:emMm3mUGV3i7/tqJpBA/doPS3K15mShsng2:emu9A/doq3K1Dh
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2025

Terms | Privacy