xtremerat | 513cc0358da1ca3bdccf318ec64f987136430d269131ef41d18a04e8c05cc2b4 | Triage

Sharing

General

Target

aad34dd1d214e16e4f8a7fa3d34317c2_JaffaCakes118
Size

226KB
Sample

241128-d5dsqszmaq
MD5

aad34dd1d214e16e4f8a7fa3d34317c2
SHA1

f5adf58196cc530803de927a15f43324fda62f16
SHA256

513cc0358da1ca3bdccf318ec64f987136430d269131ef41d18a04e8c05cc2b4
SHA512

bdc218037343d4ab5d43eba725419294b21c25626da0a42eb18c2b54e7ef0f6a82e0c5df88cab64902f2a4bfe2e53264deb51eda07c9ef2000d5d06f7602618b
SSDEEP

3072:qA1BSHmygn5nvTBfcFbKx5pYycCkZKKjricB3BOzfNBl3zB+Sw84R1DQN:qUSHmygnpTB0Fb8B8KKjricPGjlDBIq

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Targets

- Target
  
  aad34dd1d214e16e4f8a7fa3d34317c2_JaffaCakes118
- Size
  
  226KB
- MD5
  
  aad34dd1d214e16e4f8a7fa3d34317c2
- SHA1
  
  f5adf58196cc530803de927a15f43324fda62f16
- SHA256
  
  513cc0358da1ca3bdccf318ec64f987136430d269131ef41d18a04e8c05cc2b4
- SHA512
  
  bdc218037343d4ab5d43eba725419294b21c25626da0a42eb18c2b54e7ef0f6a82e0c5df88cab64902f2a4bfe2e53264deb51eda07c9ef2000d5d06f7602618b
- SSDEEP
  
  3072:qA1BSHmygn5nvTBfcFbKx5pYycCkZKKjricB3BOzfNBl3zB+Sw84R1DQN:qUSHmygnpTB0Fb8B8KKjricPGjlDBIq
Score

10^/10

xtremerat discovery persistence rat spyware
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware