xtremerat | 7fbfa39b78add7cc01bd28fffb98f5ba18cbc428e2f75a95caf2d6577e945029 | Triage

Submit
Reports

Overview

overview

Static

static

5

5ce182d2ef...18.exe

windows7-x64

5ce182d2ef...18.exe

windows10-2004-x64

Sharing

General

Target

5ce182d2ef3be3aee621362e88b90cf6_JaffaCakes118
Size

70KB
Sample

241019-qt7ynaydld
MD5

5ce182d2ef3be3aee621362e88b90cf6
SHA1

c40cd054aca56a807004b0cfee24fa90200c0d0d
SHA256

7fbfa39b78add7cc01bd28fffb98f5ba18cbc428e2f75a95caf2d6577e945029
SHA512

dfae11036a40e36f372eb097eb3798f11e09b28bc45d41056d9eeb9fa97ec6dcb59de52e5d9ab5585d60cfccfbdc0d3da6acc6d306da01f53df77f95b170572d
SSDEEP

1536:jEoPFC7UkWipZb1OYCGJcGLvXlo342gKmEEbGoa:xUIk/POvGJbo34TKqM

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5ce182d2ef3be3aee621362e88b90cf6_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ce182d2ef3be3aee621362e88b90cf6_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mnnww.no-ip.biz

Targets

- Target
  
  5ce182d2ef3be3aee621362e88b90cf6_JaffaCakes118
- Size
  
  70KB
- MD5
  
  5ce182d2ef3be3aee621362e88b90cf6
- SHA1
  
  c40cd054aca56a807004b0cfee24fa90200c0d0d
- SHA256
  
  7fbfa39b78add7cc01bd28fffb98f5ba18cbc428e2f75a95caf2d6577e945029
- SHA512
  
  dfae11036a40e36f372eb097eb3798f11e09b28bc45d41056d9eeb9fa97ec6dcb59de52e5d9ab5585d60cfccfbdc0d3da6acc6d306da01f53df77f95b170572d
- SSDEEP
  
  1536:jEoPFC7UkWipZb1OYCGJcGLvXlo342gKmEEbGoa:xUIk/POvGJbo34TKqM
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy