xtremerat

General

Target

fe9ed51d3348653ef8ca0d9ddcc976e9_JaffaCakes118
Size

111KB
Sample

241219-f5yt1szqbv
MD5

fe9ed51d3348653ef8ca0d9ddcc976e9
SHA1

0e1b5ec69036369d6d91b1fcc54d70030f94c140
SHA256

846379ec8895b1890befe5ba8d56c2fb47be01e2bed0274829fe9259144d1e64
SHA512

e1e4f97707e53503880ca7bbc7f14ad46079ca124f281452f75e7c2453d81200ab75bbaa9473d56fd0280c2e588b6e727dae9bcfcc84c6cbadbf92a1266b3b48
SSDEEP

1536:JX2Z6iJobVDDPk3huCcSnZQAPBfDf7+PqtCFInVjPVT64Ydjnp5mB6Fg8SN:8Z2xvc3PcSnZ1pGo1d1YdTHmBL8SN

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

dannymatrix.no-ip.org

Targets

- Target
  
  fe9ed51d3348653ef8ca0d9ddcc976e9_JaffaCakes118
- Size
  
  111KB
- MD5
  
  fe9ed51d3348653ef8ca0d9ddcc976e9
- SHA1
  
  0e1b5ec69036369d6d91b1fcc54d70030f94c140
- SHA256
  
  846379ec8895b1890befe5ba8d56c2fb47be01e2bed0274829fe9259144d1e64
- SHA512
  
  e1e4f97707e53503880ca7bbc7f14ad46079ca124f281452f75e7c2453d81200ab75bbaa9473d56fd0280c2e588b6e727dae9bcfcc84c6cbadbf92a1266b3b48
- SSDEEP
  
  1536:JX2Z6iJobVDDPk3huCcSnZQAPBfDf7+PqtCFInVjPVT64Ydjnp5mB6Fg8SN:8Z2xvc3PcSnZ1pGo1d1YdTHmBL8SN
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Drops file in System32 directory

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2