xtremerat | 7552eb340f88bc4ec13824ca2080b32bde8e36c4293ce8e04fcc3b1599283fb9 | Triage

Submit
Reports

Overview

overview

Static

static

3

82138d2d48...18.exe

windows7-x64

82138d2d48...18.exe

windows10-2004-x64

Sharing

General

Target

82138d2d48b17c580a35a31027749f26_JaffaCakes118
Size

96KB
Sample

241031-hf5x5sshmn
MD5

82138d2d48b17c580a35a31027749f26
SHA1

548ad1d06f019070ad310d61f14b194b453e77fa
SHA256

7552eb340f88bc4ec13824ca2080b32bde8e36c4293ce8e04fcc3b1599283fb9
SHA512

977e2d31ac9b90116062b99d4d9baafaf79791a74869ec7608a5965d69992607957bb2214ba26ef3e3a50ec1476eab454f9dbd14ce3c8e7afbf3c24dc95bc871
SSDEEP

1536:wje6iD2YeCjWvmp5+sT4swiSBcokEpomkmSziIHM53M:93DViepvT4swiVdmQi3+

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

82138d2d48b17c580a35a31027749f26_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

82138d2d48b17c580a35a31027749f26_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

䯬ŀ鮸끠linep.no-ip.org

Targets

- Target
  
  82138d2d48b17c580a35a31027749f26_JaffaCakes118
- Size
  
  96KB
- MD5
  
  82138d2d48b17c580a35a31027749f26
- SHA1
  
  548ad1d06f019070ad310d61f14b194b453e77fa
- SHA256
  
  7552eb340f88bc4ec13824ca2080b32bde8e36c4293ce8e04fcc3b1599283fb9
- SHA512
  
  977e2d31ac9b90116062b99d4d9baafaf79791a74869ec7608a5965d69992607957bb2214ba26ef3e3a50ec1476eab454f9dbd14ce3c8e7afbf3c24dc95bc871
- SSDEEP
  
  1536:wje6iD2YeCjWvmp5+sT4swiSBcokEpomkmSziIHM53M:93DViepvT4swiVdmQi3+
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2024

Terms | Privacy