xtremerat | 5de00dd1a531be0249d174d5542dac457d4019b5163ea64d18d116e2750327e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...fe.exe

windows7-x64

JaffaCakes...fe.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_c579c77aab7d55003e16ee77d8e871fe
Size

180KB
Sample

250109-l5drqsypgp
MD5

c579c77aab7d55003e16ee77d8e871fe
SHA1

6766fa883b36c3fbe4237de3fcd35984f8043681
SHA256

5de00dd1a531be0249d174d5542dac457d4019b5163ea64d18d116e2750327e1
SHA512

ad6964673900df48a8c2599517324553fcf04d4b9ba605eb452c648a193780b6dc72720740b4c46d3311d85835f7c6fa823f79587f5903e9b237cf705a7b85ea
SSDEEP

3072:wW/p7H3PfZmVgu6madOO7vl3JosedK3zBnHc:wW/p7XpaF61sO7NZoseQ3lH

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c579c77aab7d55003e16ee77d8e871fe.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c579c77aab7d55003e16ee77d8e871fe.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_c579c77aab7d55003e16ee77d8e871fe
- Size
  
  180KB
- MD5
  
  c579c77aab7d55003e16ee77d8e871fe
- SHA1
  
  6766fa883b36c3fbe4237de3fcd35984f8043681
- SHA256
  
  5de00dd1a531be0249d174d5542dac457d4019b5163ea64d18d116e2750327e1
- SHA512
  
  ad6964673900df48a8c2599517324553fcf04d4b9ba605eb452c648a193780b6dc72720740b4c46d3311d85835f7c6fa823f79587f5903e9b237cf705a7b85ea
- SSDEEP
  
  3072:wW/p7H3PfZmVgu6madOO7vl3JosedK3zBnHc:wW/p7XpaF61sO7NZoseQ3lH
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy