xtremerat | 1aa75d1bfc89d1efdf0ee23cf3ba489d95d0fc73d1fb43358b3aa7e416b89536 | Triage

Submit
Reports

Overview

overview

Static

static

3

ea95c71d3c...18.exe

windows11-21h2-x64

Resubmissions

19-09-2024 05:16

240919-fx9xbasgmn 10

19-09-2024 04:28

240919-e35n4s1enk 10

Sharing

General

Target

ea95c71d3c8f55d6a51ae43dd9cde9d9_JaffaCakes118
Size

226KB
Sample

240919-fx9xbasgmn
MD5

ea95c71d3c8f55d6a51ae43dd9cde9d9
SHA1

25460dbd2c7e996de80285971e787fb83e38d32e
SHA256

1aa75d1bfc89d1efdf0ee23cf3ba489d95d0fc73d1fb43358b3aa7e416b89536
SHA512

789a95758a1a7b680bdeb0a169834406fc68e14e9063bf6fe897ca1fb19d4b6628464a674aa9f6e0a65eff5ebeb8762ace692cd46fc39a3cb21de2ae91e77e60
SSDEEP

6144:J9evRcgVy2FIMB4TyQOI5JgpcvqNplce+f+hU5P4g0oa:J46gVPOT0Iw5preDk

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea95c71d3c8f55d6a51ae43dd9cde9d9_JaffaCakes118.exe

Resource

win11-20240802-en

xtremerat discovery persistence rat spyware upx

windows11-21h2-x64

11 signatures

1200 seconds

Malware Config

Extracted

Family

xtremerat

C2

a411.no-ip.info

Targets

- Target
  
  ea95c71d3c8f55d6a51ae43dd9cde9d9_JaffaCakes118
- Size
  
  226KB
- MD5
  
  ea95c71d3c8f55d6a51ae43dd9cde9d9
- SHA1
  
  25460dbd2c7e996de80285971e787fb83e38d32e
- SHA256
  
  1aa75d1bfc89d1efdf0ee23cf3ba489d95d0fc73d1fb43358b3aa7e416b89536
- SHA512
  
  789a95758a1a7b680bdeb0a169834406fc68e14e9063bf6fe897ca1fb19d4b6628464a674aa9f6e0a65eff5ebeb8762ace692cd46fc39a3cb21de2ae91e77e60
- SSDEEP
  
  6144:J9evRcgVy2FIMB4TyQOI5JgpcvqNplce+f+hU5P4g0oa:J46gVPOT0Iw5preDk
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy