xtremerat | 716007a7e29737848c50cd618e657b27d719af0a8e87b19db0770666fabf7bf3 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...fa.exe

windows7-x64

JaffaCakes...fa.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_0c260d1bd64109525153cfd455e604fa
Size

171KB
Sample

250112-ma6dyayjct
MD5

0c260d1bd64109525153cfd455e604fa
SHA1

805a24df9e8beecd86edac4031ddb6c0ce29eb40
SHA256

716007a7e29737848c50cd618e657b27d719af0a8e87b19db0770666fabf7bf3
SHA512

c8cb870c91d68022f67c411e3b4990dd45511ae816728c9d129a0b5b5bc8483ec8defe14a22c6a1a14bb68dfae4609f17f6243a06ca34d2246083c34922311bd
SSDEEP

3072:EshbBO2q5PPTYmHfRKOB1BM6xhQL1WRZdGiTIlmIx8lBNwzb1OPDYWuODh:rBo5PPEm/RfB1BM6x2LQbKxOGborB

Score

10^/10

xtremerat aspackv2 discovery persistence rat spyware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_0c260d1bd64109525153cfd455e604fa.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_0c260d1bd64109525153cfd455e604fa.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_0c260d1bd64109525153cfd455e604fa
- Size
  
  171KB
- MD5
  
  0c260d1bd64109525153cfd455e604fa
- SHA1
  
  805a24df9e8beecd86edac4031ddb6c0ce29eb40
- SHA256
  
  716007a7e29737848c50cd618e657b27d719af0a8e87b19db0770666fabf7bf3
- SHA512
  
  c8cb870c91d68022f67c411e3b4990dd45511ae816728c9d129a0b5b5bc8483ec8defe14a22c6a1a14bb68dfae4609f17f6243a06ca34d2246083c34922311bd
- SSDEEP
  
  3072:EshbBO2q5PPTYmHfRKOB1BM6xhQL1WRZdGiTIlmIx8lBNwzb1OPDYWuODh:rBo5PPEm/RfB1BM6x2LQbKxOGborB
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy