xtremerat | 188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871 | Triage

Submit
Reports

Overview

overview

Static

static

3

188278452f...71.exe

windows7-x64

5

188278452f...71.exe

windows10-2004-x64

Sharing

General

Target

188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871.exe
Size

386KB
Sample

250108-bnrxxsxnev
MD5

6a01559558f60ce650be0d9ac259c5ba
SHA1

80b9b13b29a147ad64793de62cd5165ed83523f0
SHA256

188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871
SHA512

5b1aaccd96c6cabaf8ad7c7ca0eef7178689af6af5c9c775dcfc22826f8bb70230133dae335f49d614b7afadf442516f2ce34108514610dde27919b1b2e0b27a
SSDEEP

12288:AxFgQMRLeUfKUa0+AsFkaqLTn3YBy5aeb:IEfK/O9Tnfgeb

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871.exe

Resource

win7-20241023-en

windows7-x64

5 signatures

120 seconds

Behavioral task

behavioral2

Sample

188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871.exe
- Size
  
  386KB
- MD5
  
  6a01559558f60ce650be0d9ac259c5ba
- SHA1
  
  80b9b13b29a147ad64793de62cd5165ed83523f0
- SHA256
  
  188278452f81eae9bb68fdceaf6f5b75188bfb8f33792ea2115abfc12fe35871
- SHA512
  
  5b1aaccd96c6cabaf8ad7c7ca0eef7178689af6af5c9c775dcfc22826f8bb70230133dae335f49d614b7afadf442516f2ce34108514610dde27919b1b2e0b27a
- SSDEEP
  
  12288:AxFgQMRLeUfKUa0+AsFkaqLTn3YBy5aeb:IEfK/O9Tnfgeb
Score

10^/10

discovery xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy