xtremerat | f0c6cea78a2df1ec2f0da1ef59f8fd1be6d513150f2aa5d458d171b56590f319 | Triage

Submit
Reports

Overview

overview

Static

static

3

8e73e51ee7...18.exe

windows7-x64

8e73e51ee7...18.exe

windows10-2004-x64

Sharing

General

Target

8e73e51ee73256907b65ab143d1b51ce_JaffaCakes118
Size

259KB
Sample

241104-brzf6ssmdj
MD5

8e73e51ee73256907b65ab143d1b51ce
SHA1

b1268e89fc37448f48c81e6fa9f07048cb4da946
SHA256

f0c6cea78a2df1ec2f0da1ef59f8fd1be6d513150f2aa5d458d171b56590f319
SHA512

ac32434ebdcd8337a10f236946f74ad911bb4a63ea9f17e81b1913b845112dfe91d3acc504987959b231241dce780a5e1df650aec41190d39cd5ba132f22b466
SSDEEP

6144:1HaNZC0ivWwzP4f0ZQUUkHVgxb6dq8/BxjH0I3pxyN90vE:QWIwllUkHVg96k6xjlHy90

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8e73e51ee73256907b65ab143d1b51ce_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e73e51ee73256907b65ab143d1b51ce_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e73e51ee73256907b65ab143d1b51ce_JaffaCakes118
- Size
  
  259KB
- MD5
  
  8e73e51ee73256907b65ab143d1b51ce
- SHA1
  
  b1268e89fc37448f48c81e6fa9f07048cb4da946
- SHA256
  
  f0c6cea78a2df1ec2f0da1ef59f8fd1be6d513150f2aa5d458d171b56590f319
- SHA512
  
  ac32434ebdcd8337a10f236946f74ad911bb4a63ea9f17e81b1913b845112dfe91d3acc504987959b231241dce780a5e1df650aec41190d39cd5ba132f22b466
- SSDEEP
  
  6144:1HaNZC0ivWwzP4f0ZQUUkHVgxb6dq8/BxjH0I3pxyN90vE:QWIwllUkHVg96k6xjlHy90
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2024

Terms | Privacy