xtremerat | 0bd08aca396edf3445c79d48bf514e7d9dda51ea2dae93ffba6b189c36846b65 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

be86d446ee...18.exe

windows7-x64

be86d446ee...18.exe

windows10-2004-x64

Sharing

General

Target

be86d446ee18563595249dd93a50c204_JaffaCakes118
Size

75KB
Sample

240824-nyk9cayclg
MD5

be86d446ee18563595249dd93a50c204
SHA1

743ae095cb8b3bd1844af5f8557b076aeaf3c5ae
SHA256

0bd08aca396edf3445c79d48bf514e7d9dda51ea2dae93ffba6b189c36846b65
SHA512

85b5930ea1e122f94562f59d1203d75236493a94820fb313beb7ff6d5b21ba4d8b33793147feea25c7fbb8a47caa0c465fc5eb6324aa00b529a1829ac1180408
SSDEEP

1536:Cv1vGQE2bM83T/y+EsTCT9lt2QL++kGGt9Bav8UlkDqy70gOFmcAAjmbH7:CtVE2bF3MsmT9v2QLIHQv8UlkDqyg9V+

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

be86d446ee18563595249dd93a50c204_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

be86d446ee18563595249dd93a50c204_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

kaangs.no-ip.org

Targets

- Target
  
  be86d446ee18563595249dd93a50c204_JaffaCakes118
- Size
  
  75KB
- MD5
  
  be86d446ee18563595249dd93a50c204
- SHA1
  
  743ae095cb8b3bd1844af5f8557b076aeaf3c5ae
- SHA256
  
  0bd08aca396edf3445c79d48bf514e7d9dda51ea2dae93ffba6b189c36846b65
- SHA512
  
  85b5930ea1e122f94562f59d1203d75236493a94820fb313beb7ff6d5b21ba4d8b33793147feea25c7fbb8a47caa0c465fc5eb6324aa00b529a1829ac1180408
- SSDEEP
  
  1536:Cv1vGQE2bM83T/y+EsTCT9lt2QL++kGGt9Bav8UlkDqy70gOFmcAAjmbH7:CtVE2bF3MsmT9v2QLIHQv8UlkDqyg9V+
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy