xtremerat | 9da67fe3080edb611ebc54a556b3edf0c86b1c06628cc5825a5b9c6da8ba6143 | Triage

Submit
Reports

Overview

overview

Static

static

aa5cc1b47c...18.exe

windows7-x64

aa5cc1b47c...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

aa5cc1b47c05ff2a12f9fd1e312bc7e8_JaffaCakes118
Size

19KB
Sample

240819-ktg5cayall
MD5

aa5cc1b47c05ff2a12f9fd1e312bc7e8
SHA1

0ac75d7c1db16780ea53a865f48d8d85cda88f69
SHA256

9da67fe3080edb611ebc54a556b3edf0c86b1c06628cc5825a5b9c6da8ba6143
SHA512

38eab84bb6c39ea005f3dc1b11e82e59a2d48a4c8f925b48173826a1d9327a791879a5b9800d662746fb6d3b2892032b525c5f2d00b0b5269e5434bc1b7df9d7
SSDEEP

384:ZHKZfuH87GowDqGoMwevqxP6k6jDwPVBSmZ4xUN4KR:8ZfuHUvwDKP6kztZTH

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

aa5cc1b47c05ff2a12f9fd1e312bc7e8_JaffaCakes118.exe

Resource

win7-20240729-en

xtremerat discovery persistence rat spyware upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa5cc1b47c05ff2a12f9fd1e312bc7e8_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa5cc1b47c05ff2a12f9fd1e312bc7e8_JaffaCakes118
- Size
  
  19KB
- MD5
  
  aa5cc1b47c05ff2a12f9fd1e312bc7e8
- SHA1
  
  0ac75d7c1db16780ea53a865f48d8d85cda88f69
- SHA256
  
  9da67fe3080edb611ebc54a556b3edf0c86b1c06628cc5825a5b9c6da8ba6143
- SHA512
  
  38eab84bb6c39ea005f3dc1b11e82e59a2d48a4c8f925b48173826a1d9327a791879a5b9800d662746fb6d3b2892032b525c5f2d00b0b5269e5434bc1b7df9d7
- SSDEEP
  
  384:ZHKZfuH87GowDqGoMwevqxP6k6jDwPVBSmZ4xUN4KR:8ZfuHUvwDKP6kztZTH
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy