xtremerat | 1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...be.exe

windows7-x64

JaffaCakes...be.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe
Size

40KB
Sample

250115-whs81szncv
MD5

5e0e3ec1a307f22bae37cc7f0ccc5cbe
SHA1

fd851564f2e84e5cc6d5de5ca914c46db568dd60
SHA256

1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7
SHA512

b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33
SSDEEP

768:sE9hghdN12Ozhiow2Gkm6TcB/pBzNBwIldMzoH:su+zMOlw2GkmdB/Bld8oH

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe
- Size
  
  40KB
- MD5
  
  5e0e3ec1a307f22bae37cc7f0ccc5cbe
- SHA1
  
  fd851564f2e84e5cc6d5de5ca914c46db568dd60
- SHA256
  
  1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7
- SHA512
  
  b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33
- SSDEEP
  
  768:sE9hghdN12Ozhiow2Gkm6TcB/pBzNBwIldMzoH:su+zMOlw2GkmdB/Bld8oH
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy