xtremerat | bb2ac094f432f5e0ab41b0c9a3e017a1186dc541fa7fcca5cd84eb86a110561c | Triage

Submit
Reports

Overview

overview

Static

static

78ed0f9879...18.exe

windows7-x64

78ed0f9879...18.exe

windows10-2004-x64

Sharing

General

Target

78ed0f98795a2d8751d69e2cb64937d4_JaffaCakes118
Size

33KB
Sample

241028-lhgj4swape
MD5

78ed0f98795a2d8751d69e2cb64937d4
SHA1

96394950d4e03cefca1330ccd771620b41b0c538
SHA256

bb2ac094f432f5e0ab41b0c9a3e017a1186dc541fa7fcca5cd84eb86a110561c
SHA512

8c249a5d0d79fcb92fc0ec87ed3e10a52dd7fa681618f19196f32e11267276cdb00cb18316ca798f7593a26d0fb97863377db480172634ccca1590032b3f02b6
SSDEEP

768:hMuijtHf5g7/IIG3bGcYDBSvFIWuePQDGEsgCBnX0V5mGhw:KNW71rcYDAWeoDrsD90VAGh

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

78ed0f98795a2d8751d69e2cb64937d4_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

78ed0f98795a2d8751d69e2cb64937d4_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

valentina002.zapto.org

Targets

- Target
  
  78ed0f98795a2d8751d69e2cb64937d4_JaffaCakes118
- Size
  
  33KB
- MD5
  
  78ed0f98795a2d8751d69e2cb64937d4
- SHA1
  
  96394950d4e03cefca1330ccd771620b41b0c538
- SHA256
  
  bb2ac094f432f5e0ab41b0c9a3e017a1186dc541fa7fcca5cd84eb86a110561c
- SHA512
  
  8c249a5d0d79fcb92fc0ec87ed3e10a52dd7fa681618f19196f32e11267276cdb00cb18316ca798f7593a26d0fb97863377db480172634ccca1590032b3f02b6
- SSDEEP
  
  768:hMuijtHf5g7/IIG3bGcYDBSvFIWuePQDGEsgCBnX0V5mGhw:KNW71rcYDAWeoDrsD90VAGh
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy