xtremerat | 4d9bce4b89a2ade61ea7f46c1ddb43b06a4984c4d7408b1a6e8d65e5301d8dc4 | Triage

Submit
Reports

Overview

overview

Static

static

3

9723ba30aa...18.exe

windows7-x64

9723ba30aa...18.exe

windows10-2004-x64

Sharing

General

Target

9723ba30aa8e15405aebba2058f06707_JaffaCakes118
Size

68KB
Sample

240814-wvv85sweke
MD5

9723ba30aa8e15405aebba2058f06707
SHA1

8bfa78bbc87d6e67e6cf16bb3cf3300823741e62
SHA256

4d9bce4b89a2ade61ea7f46c1ddb43b06a4984c4d7408b1a6e8d65e5301d8dc4
SHA512

e73038e7f9be7871eb47fcdabbfbde68e3cc3c587783e20071f83c6d885d31abdc2bfbc83f1c256b082ef1ad05c7c6ccebabc7a20a2929c6d9a6cb28a7fe4fac
SSDEEP

1536:Cx6dWqGaSnZQAP42sOLhazjCOGNm0Oi6/et:CE8aSnZ17smhazxbc6/e

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9723ba30aa8e15405aebba2058f06707_JaffaCakes118.exe

Resource

win7-20240708-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9723ba30aa8e15405aebba2058f06707_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

elissakhoury.no-ip.biz

Targets

- Target
  
  9723ba30aa8e15405aebba2058f06707_JaffaCakes118
- Size
  
  68KB
- MD5
  
  9723ba30aa8e15405aebba2058f06707
- SHA1
  
  8bfa78bbc87d6e67e6cf16bb3cf3300823741e62
- SHA256
  
  4d9bce4b89a2ade61ea7f46c1ddb43b06a4984c4d7408b1a6e8d65e5301d8dc4
- SHA512
  
  e73038e7f9be7871eb47fcdabbfbde68e3cc3c587783e20071f83c6d885d31abdc2bfbc83f1c256b082ef1ad05c7c6ccebabc7a20a2929c6d9a6cb28a7fe4fac
- SSDEEP
  
  1536:Cx6dWqGaSnZQAP42sOLhazjCOGNm0Oi6/et:CE8aSnZ17smhazxbc6/e
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy