xtremerat | 062f74f6eb26458d24b69ad68102f7c6a160d815bd702bb0976b3fce5f393cbc | Triage

Submit
Reports

Overview

overview

Static

static

82e24d1f2a...18.exe

windows7-x64

82e24d1f2a...18.exe

windows10-2004-x64

Sharing

General

Target

82e24d1f2a9e4a5c1420702a50d988cd_JaffaCakes118
Size

26KB
Sample

241031-ntyc4sypdl
MD5

82e24d1f2a9e4a5c1420702a50d988cd
SHA1

f11cfa71dfe0bf137e1530187e9929416540f2dc
SHA256

062f74f6eb26458d24b69ad68102f7c6a160d815bd702bb0976b3fce5f393cbc
SHA512

1713857a146c72cfffe296c47e28ab1b4457459f5893c1f914ee8b9c91d1f799df58a0b5d081aec9ee527b47f2638160a04633b7ab8b10c0967a83660a3e9562
SSDEEP

384:LDmxsvw+nC7+z7pFZowqrdjLRi8JgxEd1iagAAunpe7achfzv/djPmd05KUI5aB6:Lyxsv4Mb+dRdSxEHj1WDFK/UlBfsZB

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

82e24d1f2a9e4a5c1420702a50d988cd_JaffaCakes118.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

82e24d1f2a9e4a5c1420702a50d988cd_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mzmz111.no-ip.biz

Targets

- Target
  
  82e24d1f2a9e4a5c1420702a50d988cd_JaffaCakes118
- Size
  
  26KB
- MD5
  
  82e24d1f2a9e4a5c1420702a50d988cd
- SHA1
  
  f11cfa71dfe0bf137e1530187e9929416540f2dc
- SHA256
  
  062f74f6eb26458d24b69ad68102f7c6a160d815bd702bb0976b3fce5f393cbc
- SHA512
  
  1713857a146c72cfffe296c47e28ab1b4457459f5893c1f914ee8b9c91d1f799df58a0b5d081aec9ee527b47f2638160a04633b7ab8b10c0967a83660a3e9562
- SSDEEP
  
  384:LDmxsvw+nC7+z7pFZowqrdjLRi8JgxEd1iagAAunpe7achfzv/djPmd05KUI5aB6:Lyxsv4Mb+dRdSxEHj1WDFK/UlBfsZB
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy