xtremerat | e8162f1766459e6ef57b0063938da6cab886743ee5c5669233424855c8098f8f | Triage

Submit
Reports

Overview

overview

Static

static

3

2d7839f3fc...18.exe

windows7-x64

2d7839f3fc...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2d7839f3fc66dceee05dd4da03474675_JaffaCakes118
Size

585KB
Sample

240708-xnqwhswdqh
MD5

2d7839f3fc66dceee05dd4da03474675
SHA1

a831c9b8b6d33f19cd77acfedc4bd2a55989139b
SHA256

e8162f1766459e6ef57b0063938da6cab886743ee5c5669233424855c8098f8f
SHA512

54d64c6f6785589074b235cb06d0f80288b7e6937c2e161f7a8239686f9f3b0dc9ea237912b6f47647541cfe08bb4e552ba8810d3c0ae965e95951a9300417d3
SSDEEP

6144:6aKMSD4Yuaezwp0yN90QEwuzJq/fdlGFlxhlXmEjycLT:jK3D4laoy90lefdcFlxTXmEjBL

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d7839f3fc66dceee05dd4da03474675_JaffaCakes118.exe

Resource

win7-20240705-en

xtremerat persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d7839f3fc66dceee05dd4da03474675_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

server1231.no-ip.info

Targets

- Target
  
  2d7839f3fc66dceee05dd4da03474675_JaffaCakes118
- Size
  
  585KB
- MD5
  
  2d7839f3fc66dceee05dd4da03474675
- SHA1
  
  a831c9b8b6d33f19cd77acfedc4bd2a55989139b
- SHA256
  
  e8162f1766459e6ef57b0063938da6cab886743ee5c5669233424855c8098f8f
- SHA512
  
  54d64c6f6785589074b235cb06d0f80288b7e6937c2e161f7a8239686f9f3b0dc9ea237912b6f47647541cfe08bb4e552ba8810d3c0ae965e95951a9300417d3
- SSDEEP
  
  6144:6aKMSD4Yuaezwp0yN90QEwuzJq/fdlGFlxhlXmEjycLT:jK3D4laoy90lefdcFlxTXmEjBL
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2025

Terms | Privacy