xtremerat | 9c905b94224cb0d0e330498297d7a4a79dce22021f6841f091757d42d1a1ada0 | Triage

Submit
Reports

Overview

overview

Static

static

3

8bc636c3ef...18.exe

windows7-x64

8bc636c3ef...18.exe

windows10-2004-x64

Sharing

General

Target

8bc636c3efa09c949a33b14904f2b729_JaffaCakes118
Size

971KB
Sample

241103-q17lgaykbj
MD5

8bc636c3efa09c949a33b14904f2b729
SHA1

2261353384f6842ce9d193543bed165f54e21e24
SHA256

9c905b94224cb0d0e330498297d7a4a79dce22021f6841f091757d42d1a1ada0
SHA512

3db90c53dc13888dc93a6a28f1864ef6b4a58998c633b9f98f783c010a491eafecba5eec0456a92cc9833ad7be56ab89aebe26f8c7b7d71b7c9fa755d481a381
SSDEEP

12288:jZpDezaGbPyaZ81qzL0BJMYDJEaST8/1P6smHuhwZkt+UrzOPgDqDO7JbsXSzu:flG+aqUdYDGNMlfLzK0qy7RXS

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8bc636c3efa09c949a33b14904f2b729_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8bc636c3efa09c949a33b14904f2b729_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bc636c3efa09c949a33b14904f2b729_JaffaCakes118
- Size
  
  971KB
- MD5
  
  8bc636c3efa09c949a33b14904f2b729
- SHA1
  
  2261353384f6842ce9d193543bed165f54e21e24
- SHA256
  
  9c905b94224cb0d0e330498297d7a4a79dce22021f6841f091757d42d1a1ada0
- SHA512
  
  3db90c53dc13888dc93a6a28f1864ef6b4a58998c633b9f98f783c010a491eafecba5eec0456a92cc9833ad7be56ab89aebe26f8c7b7d71b7c9fa755d481a381
- SSDEEP
  
  12288:jZpDezaGbPyaZ81qzL0BJMYDJEaST8/1P6smHuhwZkt+UrzOPgDqDO7JbsXSzu:flG+aqUdYDGNMlfLzK0qy7RXS
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2024

Terms | Privacy