xtremerat | aa44cd3db152fa38c70321433628cb306f956e8b15d808c9622c1abd843e9453 | Triage

Submit
Reports

Overview

overview

Static

static

984857a166...18.exe

windows7-x64

984857a166...18.exe

windows10-2004-x64

Sharing

General

Target

984857a166b08c993fd30d7cc3bc1b6a_JaffaCakes118
Size

21KB
Sample

241125-bfgf8azkft
MD5

984857a166b08c993fd30d7cc3bc1b6a
SHA1

40929c549ba105263f6699a912fa9c469cf22b27
SHA256

aa44cd3db152fa38c70321433628cb306f956e8b15d808c9622c1abd843e9453
SHA512

87788794fb00cdfd40709b25b6f8c9769524534c9889853946b718de9beb9c840539e478b62f5a3408b5676ee59447d634d183f5bd36d2ccba5c9d1a1d678969
SSDEEP

384:cIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl2KQhb/ulaqjpLR:cIsF81fG9QveLOYTe5YikKEGljr

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

984857a166b08c993fd30d7cc3bc1b6a_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

984857a166b08c993fd30d7cc3bc1b6a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  984857a166b08c993fd30d7cc3bc1b6a_JaffaCakes118
- Size
  
  21KB
- MD5
  
  984857a166b08c993fd30d7cc3bc1b6a
- SHA1
  
  40929c549ba105263f6699a912fa9c469cf22b27
- SHA256
  
  aa44cd3db152fa38c70321433628cb306f956e8b15d808c9622c1abd843e9453
- SHA512
  
  87788794fb00cdfd40709b25b6f8c9769524534c9889853946b718de9beb9c840539e478b62f5a3408b5676ee59447d634d183f5bd36d2ccba5c9d1a1d678969
- SSDEEP
  
  384:cIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl2KQhb/ulaqjpLR:cIsF81fG9QveLOYTe5YikKEGljr
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2024

Terms | Privacy