xtremerat | bd22d7a8343e1458fb83631442e09ad733945fc964f0e84e5338356f2c9200dc | Triage

Submit
Reports

Overview

overview

Static

static

3

c553c6254d...18.exe

windows7-x64

c553c6254d...18.exe

windows10-2004-x64

Sharing

General

Target

c553c6254ddc31aad3b02ff04ee9dce9_JaffaCakes118
Size

301KB
Sample

241205-b8pnasxqel
MD5

c553c6254ddc31aad3b02ff04ee9dce9
SHA1

57ecb4bf03854164e3887dffafded843fefe96e3
SHA256

bd22d7a8343e1458fb83631442e09ad733945fc964f0e84e5338356f2c9200dc
SHA512

18fb0c22a17da23dc2f43c6c41faa5807ba84362709200f318ce5714d0868765400dc4f8bb70e79f0f1a65fc6c5da1c44c197704eaeda1a5416410333818fd5e
SSDEEP

6144:Qa4mFBMrCEckihB3RxSFxqFznnaetR0hdHDQv73pV+so:QahFBICn733gQzx/0hdHkv7c

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c553c6254ddc31aad3b02ff04ee9dce9_JaffaCakes118.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c553c6254ddc31aad3b02ff04ee9dce9_JaffaCakes118.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

turkishwarrior.no-ip.biz

Targets

- Target
  
  c553c6254ddc31aad3b02ff04ee9dce9_JaffaCakes118
- Size
  
  301KB
- MD5
  
  c553c6254ddc31aad3b02ff04ee9dce9
- SHA1
  
  57ecb4bf03854164e3887dffafded843fefe96e3
- SHA256
  
  bd22d7a8343e1458fb83631442e09ad733945fc964f0e84e5338356f2c9200dc
- SHA512
  
  18fb0c22a17da23dc2f43c6c41faa5807ba84362709200f318ce5714d0868765400dc4f8bb70e79f0f1a65fc6c5da1c44c197704eaeda1a5416410333818fd5e
- SSDEEP
  
  6144:Qa4mFBMrCEckihB3RxSFxqFznnaetR0hdHDQv73pV+so:QahFBICn733gQzx/0hdHkv7c
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy