xtremerat | 9c49a2223937a6bbc79033f7cb20782ded4a5694d6b096eb35e5742a028eacc1 | Triage

Submit
Reports

Overview

overview

Static

static

3

555c25b7e2...18.exe

windows7-x64

555c25b7e2...18.exe

windows10-2004-x64

Sharing

General

Target

555c25b7e2af2d75ebdab19d83d0e8cf_JaffaCakes118
Size

220KB
Sample

241018-ejmzyswbqa
MD5

555c25b7e2af2d75ebdab19d83d0e8cf
SHA1

7d9e1c8b1954c78f7f50c214c1a38aff825a17ea
SHA256

9c49a2223937a6bbc79033f7cb20782ded4a5694d6b096eb35e5742a028eacc1
SHA512

383a16bc328f18264a32791b81bccb035d0814f3f17945b64afdc0d59f14087b02ec8c1579a7d3692726b8cd77841f39f03ed9e43d6d1ee225aa836fe345ed41
SSDEEP

6144:86/2XhA3QPCwzUFShv+C+e+GNLBRRArd6905XcA9mV:l/2XigqNFev7+0N1RqkGcGmV

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

555c25b7e2af2d75ebdab19d83d0e8cf_JaffaCakes118.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

555c25b7e2af2d75ebdab19d83d0e8cf_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

yalahwith.no-ip.biz

Targets

- Target
  
  555c25b7e2af2d75ebdab19d83d0e8cf_JaffaCakes118
- Size
  
  220KB
- MD5
  
  555c25b7e2af2d75ebdab19d83d0e8cf
- SHA1
  
  7d9e1c8b1954c78f7f50c214c1a38aff825a17ea
- SHA256
  
  9c49a2223937a6bbc79033f7cb20782ded4a5694d6b096eb35e5742a028eacc1
- SHA512
  
  383a16bc328f18264a32791b81bccb035d0814f3f17945b64afdc0d59f14087b02ec8c1579a7d3692726b8cd77841f39f03ed9e43d6d1ee225aa836fe345ed41
- SSDEEP
  
  6144:86/2XhA3QPCwzUFShv+C+e+GNLBRRArd6905XcA9mV:l/2XigqNFev7+0N1RqkGcGmV
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy