xtremerat | fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9 | Triage

Submit
Reports

Overview

overview

Static

static

3

fc0cdbaf1a...9N.exe

windows7-x64

3

fc0cdbaf1a...9N.exe

windows10-2004-x64

Sharing

General

Target

fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9N.exe
Size

386KB
Sample

250108-vx2chayqfk
MD5

6de938a7158ae94c22f565ebd140eb10
SHA1

74402a8ad6a892e6e0beca567ad600c4fdb7a416
SHA256

fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9
SHA512

7d94468fcf3ad66a1f0b836eae13363ff318ef8048e48f3b526fac09e672edf99127bc254e9d703c8f4747834228eee6898612c9362929f89690543e36edda1c
SSDEEP

12288:AxFgQMRLeUfKUa0+AsFkaqLTn3YBy5aeT:IEfK/O9TnfgeT

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9N.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

120 seconds

Behavioral task

behavioral2

Sample

fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9N.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9N.exe
- Size
  
  386KB
- MD5
  
  6de938a7158ae94c22f565ebd140eb10
- SHA1
  
  74402a8ad6a892e6e0beca567ad600c4fdb7a416
- SHA256
  
  fc0cdbaf1a621057518fcc82b9b4acf0a9211917813148ad86932ee454cf4bd9
- SHA512
  
  7d94468fcf3ad66a1f0b836eae13363ff318ef8048e48f3b526fac09e672edf99127bc254e9d703c8f4747834228eee6898612c9362929f89690543e36edda1c
- SSDEEP
  
  12288:AxFgQMRLeUfKUa0+AsFkaqLTn3YBy5aeT:IEfK/O9TnfgeT
Score

10^/10

discovery xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy