xtremerat | 18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37 | Triage

Submit
Reports

Overview

overview

Static

static

3

18134d44f9...7N.exe

windows7-x64

18134d44f9...7N.exe

windows10-2004-x64

Sharing

General

Target

18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37N.exe
Size

62KB
Sample

241127-he1l2aynel
MD5

81150067656989d2e2811d08fdcd7d80
SHA1

5c61ed1e8ac0c787e590067d5e0953ca499f88bd
SHA256

18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37
SHA512

74e9c63cac3b60c01463e655304212255be7d0db88896225deac3ed0eb211f7977603c194937dbfb55bf1532d8b8531999b576c3f347002cf3db3c33e70a2324
SSDEEP

1536:b8qS+OLPjNW71rGYDAWeotvXllSTeoJ9s4hxajeNbFF2:bk+OL7NW7zEvotvX/6egu4KUbP2

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37N.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37N.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37N.exe
- Size
  
  62KB
- MD5
  
  81150067656989d2e2811d08fdcd7d80
- SHA1
  
  5c61ed1e8ac0c787e590067d5e0953ca499f88bd
- SHA256
  
  18134d44f9e32e9333e9b42ff2be7311400784f0a5c467e2dcb07127cefafe37
- SHA512
  
  74e9c63cac3b60c01463e655304212255be7d0db88896225deac3ed0eb211f7977603c194937dbfb55bf1532d8b8531999b576c3f347002cf3db3c33e70a2324
- SSDEEP
  
  1536:b8qS+OLPjNW71rGYDAWeotvXllSTeoJ9s4hxajeNbFF2:bk+OL7NW7zEvotvX/6egu4KUbP2
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy