xtremerat | 503cd45db5cd3b0e620101cc5de34c72763782fcff2929b205b1c29724c5860c | Triage

Submit
Reports

Overview

overview

Static

static

3

da93b45644...18.exe

windows7-x64

da93b45644...18.exe

windows10-2004-x64

Sharing

General

Target

da93b45644b6b37e02acd7ccb1e8a329_JaffaCakes118
Size

1.2MB
Sample

240911-r4z68swhkd
MD5

da93b45644b6b37e02acd7ccb1e8a329
SHA1

a22a018a69daddd6d523c521c30f65ca0e0e9aaa
SHA256

503cd45db5cd3b0e620101cc5de34c72763782fcff2929b205b1c29724c5860c
SHA512

65e908a5fe7c81b41918d71661aa58e77416fd55a3bd66b99c7bbe2fa8fb8d8418ea4b971ddc11eab0f79b69c1e7e7bbfa43431aafa31a3a632d6e28adb33e0a
SSDEEP

3072:sstgSIkVtohAbuPdN8dsAYjZjfD4wP6EnA8FJWUb76oNASeaqXiHu8yuiL/aR+co:sjgN66lJF37XIyhb1KAHl

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da93b45644b6b37e02acd7ccb1e8a329_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

da93b45644b6b37e02acd7ccb1e8a329_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

laptope.sytes.net

Targets

- Target
  
  da93b45644b6b37e02acd7ccb1e8a329_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  da93b45644b6b37e02acd7ccb1e8a329
- SHA1
  
  a22a018a69daddd6d523c521c30f65ca0e0e9aaa
- SHA256
  
  503cd45db5cd3b0e620101cc5de34c72763782fcff2929b205b1c29724c5860c
- SHA512
  
  65e908a5fe7c81b41918d71661aa58e77416fd55a3bd66b99c7bbe2fa8fb8d8418ea4b971ddc11eab0f79b69c1e7e7bbfa43431aafa31a3a632d6e28adb33e0a
- SSDEEP
  
  3072:sstgSIkVtohAbuPdN8dsAYjZjfD4wP6EnA8FJWUb76oNASeaqXiHu8yuiL/aR+co:sjgN66lJF37XIyhb1KAHl
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2024

Terms | Privacy