xtremerat

General

Target

JaffaCakes118_423c6130a471c600f8d376528702fd15
Size

124KB
Sample

250114-wqy48sxkgl
MD5

423c6130a471c600f8d376528702fd15
SHA1

022e4a467677920b4cc46bcbfaceb35bccf6274c
SHA256

2999f314a6bed51858277069fbaf9ca01d506871d7e7bd4798e76ebc977b4762
SHA512

36608ce1a457c8a358c0752d0975ca7d5e8b44eda87851d6032bd6eeba4bc11cd9d83f77037080a3d7ac98a8f40a63f1dbdea11ae5327fd745f71d7ea3d13210
SSDEEP

3072:/7qXvBlJ9ks1I3cieVDlrJA0iqqyXI5hgsODDjKP:zEvLJys1XieVDBfXEh18S

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

dannymatrix.no-ip.org

Targets

- Target
  
  JaffaCakes118_423c6130a471c600f8d376528702fd15
- Size
  
  124KB
- MD5
  
  423c6130a471c600f8d376528702fd15
- SHA1
  
  022e4a467677920b4cc46bcbfaceb35bccf6274c
- SHA256
  
  2999f314a6bed51858277069fbaf9ca01d506871d7e7bd4798e76ebc977b4762
- SHA512
  
  36608ce1a457c8a358c0752d0975ca7d5e8b44eda87851d6032bd6eeba4bc11cd9d83f77037080a3d7ac98a8f40a63f1dbdea11ae5327fd745f71d7ea3d13210
- SSDEEP
  
  3072:/7qXvBlJ9ks1I3cieVDlrJA0iqqyXI5hgsODDjKP:zEvLJys1XieVDBfXEh18S
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Drops file in System32 directory

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2