xtremerat | 4c083492999f81f02babbfca027d2b484f7bb4e432c2cf17824f42004c5bb50a | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...44.exe

windows7-x64

JaffaCakes...44.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_616eab44f50aa866fd0ef9a5b118ff44
Size

131KB
Sample

250102-abnjastpgk
MD5

616eab44f50aa866fd0ef9a5b118ff44
SHA1

9b2c5d7610fc0c84f0e2c803f3b2157f7a6860d1
SHA256

4c083492999f81f02babbfca027d2b484f7bb4e432c2cf17824f42004c5bb50a
SHA512

58382203a128997feda33207e20f43ff5582e22f641364f1292b4be298259df26c7f9e8052566bf5a70e41cf9bf245803efb76317028d60cd51814642fce43b4
SSDEEP

3072:d83h69aSMFJ1z4G19SIzKrEIOfE7BQL43KyYm5gtp4ZxRJ:dIFxczrB5246g5gtp4Z

Score

10^/10

xtremerat aspackv2 discovery evasion persistence rat spyware trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_616eab44f50aa866fd0ef9a5b118ff44.exe

Resource

win7-20240903-en

xtremerat discovery evasion persistence rat spyware trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_616eab44f50aa866fd0ef9a5b118ff44.exe

Resource

win10v2004-20241007-en

xtremerat discovery evasion persistence rat spyware trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mnnww.no-ip.biz

Targets

- Target
  
  JaffaCakes118_616eab44f50aa866fd0ef9a5b118ff44
- Size
  
  131KB
- MD5
  
  616eab44f50aa866fd0ef9a5b118ff44
- SHA1
  
  9b2c5d7610fc0c84f0e2c803f3b2157f7a6860d1
- SHA256
  
  4c083492999f81f02babbfca027d2b484f7bb4e432c2cf17824f42004c5bb50a
- SHA512
  
  58382203a128997feda33207e20f43ff5582e22f641364f1292b4be298259df26c7f9e8052566bf5a70e41cf9bf245803efb76317028d60cd51814642fce43b4
- SSDEEP
  
  3072:d83h69aSMFJ1z4G19SIzKrEIOfE7BQL43KyYm5gtp4ZxRJ:dIFxczrB5246g5gtp4Z
Score

10^/10

xtremerat discovery evasion persistence rat spyware trojan upx
- Detect XtremeRAT payload
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoveryevasionpersistenceratspywaretrojanupx

behavioral2

xtremeratdiscoveryevasionpersistenceratspywaretrojanupx

© 2018-2025

Terms | Privacy