xtremerat | 78780e9cc0a1a6c30db708f349251dcac3226d96cddd61e3ed45b6160a35c342 | Triage

Submit
Reports

Overview

overview

Static

static

3

c1aca19f6c...18.exe

windows7-x64

c1aca19f6c...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c1aca19f6cd902db13b52317e6301463_JaffaCakes118
Size

188KB
Sample

240825-1tlersxcna
MD5

c1aca19f6cd902db13b52317e6301463
SHA1

4eefb8b392f21f286c178e4ef94fa1f584c67281
SHA256

78780e9cc0a1a6c30db708f349251dcac3226d96cddd61e3ed45b6160a35c342
SHA512

861b4febceb86a5416f680aab6941e1b11589583ccbfefa4e8f2e240f784dd10f9e889f3578ef7212ea8e83ecde1c1ab3da2189cc33eb8d16b68dd2e478fb498
SSDEEP

3072:7o9MODtBqfTxurk4i9EcJ13UztSTUBs5DWhXyr0vw3mt:7kD7E54iALBs2ca

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c1aca19f6cd902db13b52317e6301463_JaffaCakes118.exe

Resource

win7-20240729-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c1aca19f6cd902db13b52317e6301463_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

as2622.zapto.org

Targets

- Target
  
  c1aca19f6cd902db13b52317e6301463_JaffaCakes118
- Size
  
  188KB
- MD5
  
  c1aca19f6cd902db13b52317e6301463
- SHA1
  
  4eefb8b392f21f286c178e4ef94fa1f584c67281
- SHA256
  
  78780e9cc0a1a6c30db708f349251dcac3226d96cddd61e3ed45b6160a35c342
- SHA512
  
  861b4febceb86a5416f680aab6941e1b11589583ccbfefa4e8f2e240f784dd10f9e889f3578ef7212ea8e83ecde1c1ab3da2189cc33eb8d16b68dd2e478fb498
- SSDEEP
  
  3072:7o9MODtBqfTxurk4i9EcJ13UztSTUBs5DWhXyr0vw3mt:7kD7E54iALBs2ca
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy