xtremerat | 4d7914e6ab54f7bbf28f41a107f2de3cc30dd2caeb9d82cb3865fad99a628935 | Triage

Submit
Reports

Overview

overview

Static

static

3

82ac765279...18.exe

windows7-x64

82ac765279...18.exe

windows10-2004-x64

3

Sharing

General

Target

82ac76527944c2423e9d81e967e50883_JaffaCakes118
Size

427KB
Sample

241031-l2gzzswdqe
MD5

82ac76527944c2423e9d81e967e50883
SHA1

417a65e819368f502609795d59e2f2cbc16fd54b
SHA256

4d7914e6ab54f7bbf28f41a107f2de3cc30dd2caeb9d82cb3865fad99a628935
SHA512

0354441fca0f16a77a81d28acb91aaa11b68a4a75536fec4f237b82f9aee0760c2ecb377ef7985c559f90e8d453e4862fcac1a5546cb82d0b80f7c9e966d2209
SSDEEP

6144:s5c7G22OxGaXeGFdQTvStYQRkpvBlMt7UOCdtMbtpFGX1yNT8LtbRGoQ/JtznaM:E2kBBl47Uvu8FyNT8RLQ/Jtznz

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

82ac76527944c2423e9d81e967e50883_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

82ac76527944c2423e9d81e967e50883_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

义danizinha.no-ip.org

Ÿ隝呷当잶࡯ᝈ驁䃾助椅诒䴠蠐୊逐騖ሠﲊ䣀䗨ꐝ桊danizinha.no-ip.org

Targets

- Target
  
  82ac76527944c2423e9d81e967e50883_JaffaCakes118
- Size
  
  427KB
- MD5
  
  82ac76527944c2423e9d81e967e50883
- SHA1
  
  417a65e819368f502609795d59e2f2cbc16fd54b
- SHA256
  
  4d7914e6ab54f7bbf28f41a107f2de3cc30dd2caeb9d82cb3865fad99a628935
- SHA512
  
  0354441fca0f16a77a81d28acb91aaa11b68a4a75536fec4f237b82f9aee0760c2ecb377ef7985c559f90e8d453e4862fcac1a5546cb82d0b80f7c9e966d2209
- SSDEEP
  
  6144:s5c7G22OxGaXeGFdQTvStYQRkpvBlMt7UOCdtMbtpFGX1yNT8LtbRGoQ/JtznaM:E2kBBl47Uvu8FyNT8RLQ/Jtznz
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

© 2018-2024

Terms | Privacy