xtremerat | f01d0d3b9fdc9a82e2c047489d1e52960f46cced8273b16489743cc2f62d65da | Triage

Submit
Reports

Overview

overview

Static

static

3

2054e0f687...18.exe

windows7-x64

2054e0f687...18.exe

windows10-2004-x64

Sharing

General

Target

2054e0f6879b5132b16f162ac74fec4e_JaffaCakes118
Size

347KB
Sample

241008-jcfphswanl
MD5

2054e0f6879b5132b16f162ac74fec4e
SHA1

2029dfbd5faef53fcfa1b4a74b0218fc347df189
SHA256

f01d0d3b9fdc9a82e2c047489d1e52960f46cced8273b16489743cc2f62d65da
SHA512

f471bc0171b5a02970876e25786b297998d2bdcc2d13d580ee6051c9053d2a7cbb1d2e29288425fbeb8c26a07438b2d453d2e0e6dc291a499d740b61f0e7bf1b
SSDEEP

6144:0ZuwGi39bfWSAERocPiGNhh5jMTykSmgOfgR44KmByM:qj9DWStvPiGNb5ITgm5Z47

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2054e0f6879b5132b16f162ac74fec4e_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2054e0f6879b5132b16f162ac74fec4e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2054e0f6879b5132b16f162ac74fec4e_JaffaCakes118
- Size
  
  347KB
- MD5
  
  2054e0f6879b5132b16f162ac74fec4e
- SHA1
  
  2029dfbd5faef53fcfa1b4a74b0218fc347df189
- SHA256
  
  f01d0d3b9fdc9a82e2c047489d1e52960f46cced8273b16489743cc2f62d65da
- SHA512
  
  f471bc0171b5a02970876e25786b297998d2bdcc2d13d580ee6051c9053d2a7cbb1d2e29288425fbeb8c26a07438b2d453d2e0e6dc291a499d740b61f0e7bf1b
- SSDEEP
  
  6144:0ZuwGi39bfWSAERocPiGNhh5jMTykSmgOfgR44KmByM:qj9DWStvPiGNb5ITgm5Z47
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy