xtremerat | 7b03186ab37b808a1735e79b1a4512237602cc1051fd3a23bb656140be329cc8 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...77.exe

windows7-x64

JaffaCakes...77.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_79ad99e401b7c8d6d11194d3136e0777
Size

170KB
Sample

250104-pm1eka1phl
MD5

79ad99e401b7c8d6d11194d3136e0777
SHA1

734833033aaa79dd010ffd0aa6e87633d08d66fe
SHA256

7b03186ab37b808a1735e79b1a4512237602cc1051fd3a23bb656140be329cc8
SHA512

2b5e6508ef6f13a0974ac53071fc0f704af5ed46220c35cd8b89514bb895a6f6115501ed3c495b47c6867eedc14553559249769352001c14be3f17c454cb10a7
SSDEEP

3072:Z8hMYQReUWNA96HM0XnpvTyQqGfiExDlKbHluAnZ0ESsz8XF291GiS+SfB5x/GMw:C278U2U4TyQQExDwbFuAZHSsYV29zS+R

Score

10^/10

xtremerat aspackv2 bootkit discovery persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_79ad99e401b7c8d6d11194d3136e0777.exe

Resource

win7-20240903-en

xtremerat bootkit discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_79ad99e401b7c8d6d11194d3136e0777.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mohamed-ajel.no-ip.org

Targets

- Target
  
  JaffaCakes118_79ad99e401b7c8d6d11194d3136e0777
- Size
  
  170KB
- MD5
  
  79ad99e401b7c8d6d11194d3136e0777
- SHA1
  
  734833033aaa79dd010ffd0aa6e87633d08d66fe
- SHA256
  
  7b03186ab37b808a1735e79b1a4512237602cc1051fd3a23bb656140be329cc8
- SHA512
  
  2b5e6508ef6f13a0974ac53071fc0f704af5ed46220c35cd8b89514bb895a6f6115501ed3c495b47c6867eedc14553559249769352001c14be3f17c454cb10a7
- SSDEEP
  
  3072:Z8hMYQReUWNA96HM0XnpvTyQqGfiExDlKbHluAnZ0ESsz8XF291GiS+SfB5x/GMw:C278U2U4TyQQExDwbFuAZHSsYV29zS+R
Score

10^/10

xtremerat bootkit discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratbootkitdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy