xtremerat | b1a063a92528c192400d9a031b295acca8f5773a10c7663655d4e779c30b2659 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...e0.exe

windows7-x64

JaffaCakes...e0.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_63cfe5bb2399a9a09bceb05cd93761e0
Size

95KB
Sample

250102-kdmd5atkgz
MD5

63cfe5bb2399a9a09bceb05cd93761e0
SHA1

c1bbf1cc74d026f92e3bf4d77fb2432a67434620
SHA256

b1a063a92528c192400d9a031b295acca8f5773a10c7663655d4e779c30b2659
SHA512

1e4fa9a575372a200403dfd47c161da491232c02a0b3550343542b392314dff94befdfb58e250972af92c5e89fe3e2f612bbbb536c78b3bde66b165ffa394400
SSDEEP

1536:i9PB8bUVQ3WZX9xwcwLSbM9VvfHzhe3xnmSfAQTUZdoO3ZjE:i9PB8bU2Csc+2M9BLhe3ZAQwLoO3Zj

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_63cfe5bb2399a9a09bceb05cd93761e0.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_63cfe5bb2399a9a09bceb05cd93761e0.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

stanko.no-ip.biz

Targets

- Target
  
  JaffaCakes118_63cfe5bb2399a9a09bceb05cd93761e0
- Size
  
  95KB
- MD5
  
  63cfe5bb2399a9a09bceb05cd93761e0
- SHA1
  
  c1bbf1cc74d026f92e3bf4d77fb2432a67434620
- SHA256
  
  b1a063a92528c192400d9a031b295acca8f5773a10c7663655d4e779c30b2659
- SHA512
  
  1e4fa9a575372a200403dfd47c161da491232c02a0b3550343542b392314dff94befdfb58e250972af92c5e89fe3e2f612bbbb536c78b3bde66b165ffa394400
- SSDEEP
  
  1536:i9PB8bUVQ3WZX9xwcwLSbM9VvfHzhe3xnmSfAQTUZdoO3ZjE:i9PB8bU2Csc+2M9BLhe3ZAQwLoO3Zj
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy