xtremerat | ef01b3b7a85f9368e2d6e9884dc0868cf9c0d419ab0732753c1c00579785b4c3 | Triage

Submit
Reports

Overview

overview

Static

static

3

5d6368db30...18.exe

windows7-x64

5d6368db30...18.exe

windows10-2004-x64

Sharing

General

Target

5d6368db301de5c858b43599c6be25b0_JaffaCakes118
Size

216KB
Sample

241019-s9n7latfng
MD5

5d6368db301de5c858b43599c6be25b0
SHA1

ed16ae256236f08163c132c95d3b5213af19acfa
SHA256

ef01b3b7a85f9368e2d6e9884dc0868cf9c0d419ab0732753c1c00579785b4c3
SHA512

b0392fd15620b902908708cf5bd1ef2a5b4e619f89166691ab3d770a439fadbbb6c8d1ac655945709146e044c0a56e2aac821e228797c3cfa6989ca7016ee306
SSDEEP

3072:AUFuVSnpZQFg9csV8qqdNd1rcV47GHvpdglyt+zY8ldw:pAEn7cg9c1qqj846B6lw+zY8n

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d6368db301de5c858b43599c6be25b0_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d6368db301de5c858b43599c6be25b0_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

magicshop84.no-ip.biz

Targets

- Target
  
  5d6368db301de5c858b43599c6be25b0_JaffaCakes118
- Size
  
  216KB
- MD5
  
  5d6368db301de5c858b43599c6be25b0
- SHA1
  
  ed16ae256236f08163c132c95d3b5213af19acfa
- SHA256
  
  ef01b3b7a85f9368e2d6e9884dc0868cf9c0d419ab0732753c1c00579785b4c3
- SHA512
  
  b0392fd15620b902908708cf5bd1ef2a5b4e619f89166691ab3d770a439fadbbb6c8d1ac655945709146e044c0a56e2aac821e228797c3cfa6989ca7016ee306
- SSDEEP
  
  3072:AUFuVSnpZQFg9csV8qqdNd1rcV47GHvpdglyt+zY8ldw:pAEn7cg9c1qqj846B6lw+zY8n
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy