xtremerat | 1c0e182ac612c18d62d61027c85f5ba67c46f92058fc06241847bbf3c13386c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

cdea3af5a8...18.exe

windows7-x64

cdea3af5a8...18.exe

windows10-2004-x64

Sharing

General

Target

cdea3af5a80a806efa9eecd50a2f4639_JaffaCakes118
Size

67KB
Sample

240901-bamfaawarg
MD5

cdea3af5a80a806efa9eecd50a2f4639
SHA1

abaffa982f4cf2cc3ffc9e3169bbf9da26f86ad8
SHA256

1c0e182ac612c18d62d61027c85f5ba67c46f92058fc06241847bbf3c13386c2
SHA512

79dc151e2f57a64591dee8f9bfb20701eea1b3f12edc78a9cac2e5f578989fed2c9981086b4ba112d44aa775701e1029f32306ce663635b0e7ec8b1eb2ed36aa
SSDEEP

768:hRwkpvlqpyBaTyBHcqpv32OKqqfYAnqJiHB/oGpIbE/ZR5BgHmPUTNgfljPuZ8fL:hRwk3qvMfjKEsIA/gGlfvfpk8IPn7aw

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cdea3af5a80a806efa9eecd50a2f4639_JaffaCakes118.exe

Resource

win7-20240708-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdea3af5a80a806efa9eecd50a2f4639_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cdea3af5a80a806efa9eecd50a2f4639_JaffaCakes118
- Size
  
  67KB
- MD5
  
  cdea3af5a80a806efa9eecd50a2f4639
- SHA1
  
  abaffa982f4cf2cc3ffc9e3169bbf9da26f86ad8
- SHA256
  
  1c0e182ac612c18d62d61027c85f5ba67c46f92058fc06241847bbf3c13386c2
- SHA512
  
  79dc151e2f57a64591dee8f9bfb20701eea1b3f12edc78a9cac2e5f578989fed2c9981086b4ba112d44aa775701e1029f32306ce663635b0e7ec8b1eb2ed36aa
- SSDEEP
  
  768:hRwkpvlqpyBaTyBHcqpv32OKqqfYAnqJiHB/oGpIbE/ZR5BgHmPUTNgfljPuZ8fL:hRwk3qvMfjKEsIA/gGlfvfpk8IPn7aw
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy