xtremerat | d52a85c79b6063fe69276eb6b63a43b767de7eed0fa5b35968ebc46ff88f51dc | Triage

Submit
Reports

Overview

overview

Static

static

3

Crysis2_v1...er.exe

windows7-x64

Crysis2_v1...er.exe

windows10-2004-x64

Sharing

General

Target

8954e713d470bf5e5e2d70e4a909eff9_JaffaCakes118
Size

131KB
Sample

240811-g53cwasejd
MD5

8954e713d470bf5e5e2d70e4a909eff9
SHA1

698130f13693bfa4e2ae6d11f2c80e4304393bec
SHA256

d52a85c79b6063fe69276eb6b63a43b767de7eed0fa5b35968ebc46ff88f51dc
SHA512

ad0f0add10d562f3143d65bfad17408ec55ed7f5195d83a5c7250dac2fc4c7c8b16e3ee4eb4e7551d5295615cd7e23025c9805ef79e6743e743a20b8e3a2c18a
SSDEEP

3072:I6NQSQKywEdN5LLpTCpf4zcugG3gVYhGWtiyn9ceSj83/t:I6WSQNbvZNCvAsWtiy98wvt

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Crysis2_v1-9_Trainer/Crysis2_v1-9_Trainer.exe

Resource

win7-20240704-en

xtremerat discovery persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Crysis2_v1-9_Trainer/Crysis2_v1-9_Trainer.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

ᠼhoshx.no-ip.org

c_209hoshx.no-ip.org

Targets

- Target
  
  Crysis2_v1-9_Trainer/Crysis2_v1-9_Trainer.exe
- Size
  
  102KB
- MD5
  
  731c9c3d522ecf0538815e35577dd373
- SHA1
  
  c075a1e83284924aea80add9023922f5bd7b2ebc
- SHA256
  
  51af50494be139e4f2e9efa19501918aff117f6ef2fe0451f62457006117abc2
- SHA512
  
  7e4d92717a9a801e4c100a4dac689a8393058cef0e9438a5506b774748ed84164b5ae1c88624cd9ccb0302bd9b9cd18cc384f36948fc2f65c5303c54c9447c13
- SSDEEP
  
  3072:m5LLpTCpf4zcugG3gVYhGWtiyn9ceSj83/U:mZNCvAsWtiy98wvU
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy