xtremerat | 6d678dacc238c1b2118bd2bb49f9dc502d13c0e355fd093b3334b9955335e53f | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...99.exe

windows7-x64

JaffaCakes...99.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_63bd3ce1179cc0cf06798757511d7499
Size

33KB
Sample

250102-j33lzavqal
MD5

63bd3ce1179cc0cf06798757511d7499
SHA1

3f50c34b3bcde72af31c548aef3e378b813260ce
SHA256

6d678dacc238c1b2118bd2bb49f9dc502d13c0e355fd093b3334b9955335e53f
SHA512

ca3d4bf1dc3ff4e385d53f65bd964574e981b1a8d6c218334378ade5c5ab6620d2fb9d3c6bd499af566cdbe8480f53257df20da9a1d8a667906e902a561333fe
SSDEEP

768:lMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lttPF/F8gY:uNW71rcYDAWeotvXlrPFl

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_63bd3ce1179cc0cf06798757511d7499.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_63bd3ce1179cc0cf06798757511d7499.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

gh11223344.no-ip.biz

Targets

- Target
  
  JaffaCakes118_63bd3ce1179cc0cf06798757511d7499
- Size
  
  33KB
- MD5
  
  63bd3ce1179cc0cf06798757511d7499
- SHA1
  
  3f50c34b3bcde72af31c548aef3e378b813260ce
- SHA256
  
  6d678dacc238c1b2118bd2bb49f9dc502d13c0e355fd093b3334b9955335e53f
- SHA512
  
  ca3d4bf1dc3ff4e385d53f65bd964574e981b1a8d6c218334378ade5c5ab6620d2fb9d3c6bd499af566cdbe8480f53257df20da9a1d8a667906e902a561333fe
- SSDEEP
  
  768:lMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lttPF/F8gY:uNW71rcYDAWeotvXlrPFl
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy