xtremerat | bdfc0d91fb3d88e0d7719d7da22beb5cb53807910d21474239550c6fd29675dd | Triage

Submit
Reports

Overview

overview

Static

static

3

c3cdde3584...18.exe

windows7-x64

c3cdde3584...18.exe

windows10-2004-x64

Sharing

General

Target

c3cdde3584516d89851440cebdd655ee_JaffaCakes118
Size

340KB
Sample

241204-wyd42avkav
MD5

c3cdde3584516d89851440cebdd655ee
SHA1

f045ad188f27cb821e554ee7ff05bb5a7e79e0d1
SHA256

bdfc0d91fb3d88e0d7719d7da22beb5cb53807910d21474239550c6fd29675dd
SHA512

8c90d48d6297d109e2a286a312b2caaaf2d6e59590e8c52b0a6632846500af49f40126bd7ebd8662418a787aa6348a07567012a1cd02d8ba17da6202e82009aa
SSDEEP

1536:CAQA36S1au3I9IctmOjBCz1OUiLyU/ZJH2XOYNeSbHq+9ahADGtoBkzzRSz:96SMukjBCz1HiLt/ZJ0X8SbHqqJk34z

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c3cdde3584516d89851440cebdd655ee_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3cdde3584516d89851440cebdd655ee_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

no-hack.zapto.org

ꏸ栞⡲Ɔcamfrog-ir.zapto.org

camfrog-2r9.zapto.org

Targets

- Target
  
  c3cdde3584516d89851440cebdd655ee_JaffaCakes118
- Size
  
  340KB
- MD5
  
  c3cdde3584516d89851440cebdd655ee
- SHA1
  
  f045ad188f27cb821e554ee7ff05bb5a7e79e0d1
- SHA256
  
  bdfc0d91fb3d88e0d7719d7da22beb5cb53807910d21474239550c6fd29675dd
- SHA512
  
  8c90d48d6297d109e2a286a312b2caaaf2d6e59590e8c52b0a6632846500af49f40126bd7ebd8662418a787aa6348a07567012a1cd02d8ba17da6202e82009aa
- SSDEEP
  
  1536:CAQA36S1au3I9IctmOjBCz1OUiLyU/ZJH2XOYNeSbHq+9ahADGtoBkzzRSz:96SMukjBCz1HiLt/ZJ0X8SbHqqJk34z
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy