xtremerat | 1ae2824e23518bacf52ad806a944f2b71752c8f9bb00afc8641d9462878aa515 | Triage

Submit
Reports

Overview

overview

Static

static

3

bc7cd54ab4...18.exe

windows7-x64

bc7cd54ab4...18.exe

windows10-2004-x64

Sharing

General

Target

bc7cd54ab4e6e5fdfc7644da9c80e00a_JaffaCakes118
Size

92KB
Sample

240823-t128javgkg
MD5

bc7cd54ab4e6e5fdfc7644da9c80e00a
SHA1

31b71caf630e8707773f64a82080346c14628cba
SHA256

1ae2824e23518bacf52ad806a944f2b71752c8f9bb00afc8641d9462878aa515
SHA512

f9343124136cb16b7524867f47190b8a1f96bb6bf573949d93f8afb6ff5dad55ff4ba8679d634f9685c99e0a664440d0cddf59ef41769685a7afe276e96b89f8
SSDEEP

1536:CHpaCKKadjWvIX2vkG67bBFJRD8/WZRYaNdDuwJ8QZg6IOm7o6LgHmU6VqkJ:qaCKPWgjnJ84Ndr8QKdo6LJU0J

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc7cd54ab4e6e5fdfc7644da9c80e00a_JaffaCakes118.exe

Resource

win7-20240708-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc7cd54ab4e6e5fdfc7644da9c80e00a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

Travis.no-ip.info

Targets

- Target
  
  bc7cd54ab4e6e5fdfc7644da9c80e00a_JaffaCakes118
- Size
  
  92KB
- MD5
  
  bc7cd54ab4e6e5fdfc7644da9c80e00a
- SHA1
  
  31b71caf630e8707773f64a82080346c14628cba
- SHA256
  
  1ae2824e23518bacf52ad806a944f2b71752c8f9bb00afc8641d9462878aa515
- SHA512
  
  f9343124136cb16b7524867f47190b8a1f96bb6bf573949d93f8afb6ff5dad55ff4ba8679d634f9685c99e0a664440d0cddf59ef41769685a7afe276e96b89f8
- SSDEEP
  
  1536:CHpaCKKadjWvIX2vkG67bBFJRD8/WZRYaNdDuwJ8QZg6IOm7o6LgHmU6VqkJ:qaCKPWgjnJ84Ndr8QKdo6LJU0J
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy