xtremerat | 88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1 | Triage

Submit
Reports

Overview

overview

Static

static

5

593734a135...18.exe

windows7-x64

593734a135...18.exe

windows10-2004-x64

Sharing

General

Target

593734a135beac4fbe31724c6248250f_JaffaCakes118
Size

682KB
Sample

241018-y1xp9swdkd
MD5

593734a135beac4fbe31724c6248250f
SHA1

6a59b202f34388d0ced84aa8b92ce0231b34ba42
SHA256

88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1
SHA512

0c24dcedf4cbe0d416e2a5e983d8462b3f221ff015cae5fe15c6175555eb6c9695de919b0517315a4fb1eaa448d0e92548ff0b937880952c9e9687afe1c86ed2
SSDEEP

12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aX1DQj:uRmJkcoQricOIQxiZY1iaXJ8

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

593734a135beac4fbe31724c6248250f_JaffaCakes118.exe

Resource

win7-20240708-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

593734a135beac4fbe31724c6248250f_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

hossamnolove.no-ip.org

Targets

- Target
  
  593734a135beac4fbe31724c6248250f_JaffaCakes118
- Size
  
  682KB
- MD5
  
  593734a135beac4fbe31724c6248250f
- SHA1
  
  6a59b202f34388d0ced84aa8b92ce0231b34ba42
- SHA256
  
  88914e25aafe2cc4c2b7ddce992a6bf7ad74d3bb00e47621316c5a0b510de0c1
- SHA512
  
  0c24dcedf4cbe0d416e2a5e983d8462b3f221ff015cae5fe15c6175555eb6c9695de919b0517315a4fb1eaa448d0e92548ff0b937880952c9e9687afe1c86ed2
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aX1DQj:uRmJkcoQricOIQxiZY1iaXJ8
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy