xtremerat | 90aeebada5d47401cba50db00b9033b43492810da276fa1c8690c2963f7423bb | Triage

Submit
Reports

Overview

overview

Static

static

8490c5867f...18.exe

windows7-x64

8490c5867f...18.exe

windows10-2004-x64

Sharing

General

Target

8490c5867fb61c6c6e8208eb3bcf9b7a_JaffaCakes118
Size

33KB
Sample

241101-xnrstatgkd
MD5

8490c5867fb61c6c6e8208eb3bcf9b7a
SHA1

2d004aa823f605d900b06ea3093d96ca073f74d7
SHA256

90aeebada5d47401cba50db00b9033b43492810da276fa1c8690c2963f7423bb
SHA512

8ed71741747b8c43a2c7461b4bf0f2acdbdf7b8352513956e8566b9b90d6c83ca26b6ae76a3741f0aaf0b3b97bb5b16693c7f18c9055e6ff4cf3de2e02d62215
SSDEEP

768:zMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lStzS1t+zVkPWC:INW71rcYDAWeotvXlQVePW

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

8490c5867fb61c6c6e8208eb3bcf9b7a_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8490c5867fb61c6c6e8208eb3bcf9b7a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

slaizer.no-ip.biz

Targets

- Target
  
  8490c5867fb61c6c6e8208eb3bcf9b7a_JaffaCakes118
- Size
  
  33KB
- MD5
  
  8490c5867fb61c6c6e8208eb3bcf9b7a
- SHA1
  
  2d004aa823f605d900b06ea3093d96ca073f74d7
- SHA256
  
  90aeebada5d47401cba50db00b9033b43492810da276fa1c8690c2963f7423bb
- SHA512
  
  8ed71741747b8c43a2c7461b4bf0f2acdbdf7b8352513956e8566b9b90d6c83ca26b6ae76a3741f0aaf0b3b97bb5b16693c7f18c9055e6ff4cf3de2e02d62215
- SSDEEP
  
  768:zMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lStzS1t+zVkPWC:INW71rcYDAWeotvXlQVePW
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy