xtremerat | db7a9de95042c2553e5b38f1b3743a65f75e8d799c518da5f3031992ffb52ef7 | Triage

Resubmissions

15-07-2024 07:33

240715-jdgyzaveqk 10

15-07-2024 07:22

240715-h7btdaxflh 10

Sharing

General

Target

48c92021936b6d3e8bdd9a292d36600d_JaffaCakes118
Size

1.4MB
Sample

240715-jdgyzaveqk
MD5

48c92021936b6d3e8bdd9a292d36600d
SHA1

a45b7ec3ec2091f39d2fe00ce8cb86b5c12cb658
SHA256

db7a9de95042c2553e5b38f1b3743a65f75e8d799c518da5f3031992ffb52ef7
SHA512

2f8db1c64d5b24792a3e7e4cc6d8deb8d521af7cbdc9c13c50214dc421919c40e92bbf196ef64a0a30e9c58b18784e2173be837806c2c8455bb085a1164e0310
SSDEEP

24576:f5KoEz02RxcvKzRZwmpgYB3xlr1Xj/24zUg5paADTeut8t:gzLxbzR+mjNTrZlzUGaADTeI8t

Score

10^/10

xtremerat persistence rat spyware

Malware Config

Targets

- Target
  
  48c92021936b6d3e8bdd9a292d36600d_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  48c92021936b6d3e8bdd9a292d36600d
- SHA1
  
  a45b7ec3ec2091f39d2fe00ce8cb86b5c12cb658
- SHA256
  
  db7a9de95042c2553e5b38f1b3743a65f75e8d799c518da5f3031992ffb52ef7
- SHA512
  
  2f8db1c64d5b24792a3e7e4cc6d8deb8d521af7cbdc9c13c50214dc421919c40e92bbf196ef64a0a30e9c58b18784e2173be837806c2c8455bb085a1164e0310
- SSDEEP
  
  24576:f5KoEz02RxcvKzRZwmpgYB3xlr1Xj/24zUg5paADTeut8t:gzLxbzR+mjNTrZlzUGaADTeI8t
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratpersistenceratspyware