xtremerat | c4a5882cf2286a8b2d552f212c0cc88b49300829962fa2ac750cba20ad7fa37a | Triage

Submit
Reports

Overview

overview

Static

static

3

609df37935...18.exe

windows7-x64

609df37935...18.exe

windows10-2004-x64

Sharing

General

Target

609df379359175dbbeef3735204342dd_JaffaCakes118
Size

1.5MB
Sample

241020-gayffatflq
MD5

609df379359175dbbeef3735204342dd
SHA1

5f74b5a3bd063d9d2602c823160adc57e6760464
SHA256

c4a5882cf2286a8b2d552f212c0cc88b49300829962fa2ac750cba20ad7fa37a
SHA512

ef99f34cbc93589abb24b096391299e40047a18758b614e889d7dea0130625209cb2a2895ab21576f6b8b41c8a750e9cdddca24b4007968ffec4a4023e8d45fd
SSDEEP

3072:uem/7Now1RD4rn83ubRXlBCDHt+AIh2cdTUBx5lpcHqAsis7OBpkHEmWvyRL99fa:uHXGhQ/7G7DqQU/X3+fdxUC7D

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

609df379359175dbbeef3735204342dd_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

609df379359175dbbeef3735204342dd_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

serials.cc

Targets

- Target
  
  609df379359175dbbeef3735204342dd_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  609df379359175dbbeef3735204342dd
- SHA1
  
  5f74b5a3bd063d9d2602c823160adc57e6760464
- SHA256
  
  c4a5882cf2286a8b2d552f212c0cc88b49300829962fa2ac750cba20ad7fa37a
- SHA512
  
  ef99f34cbc93589abb24b096391299e40047a18758b614e889d7dea0130625209cb2a2895ab21576f6b8b41c8a750e9cdddca24b4007968ffec4a4023e8d45fd
- SSDEEP
  
  3072:uem/7Now1RD4rn83ubRXlBCDHt+AIh2cdTUBx5lpcHqAsis7OBpkHEmWvyRL99fa:uHXGhQ/7G7DqQU/X3+fdxUC7D
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2024

Terms | Privacy