xtremerat | 11d7f93b2f4fce6f9279842c6bd997a0005d8156809b3d0b2849f1856439c1a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...27.exe

windows7-x64

JaffaCakes...27.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8af2d2d5b76bee07f9368262510c1c27
Size

612KB
Sample

250117-n43etaxkck
MD5

8af2d2d5b76bee07f9368262510c1c27
SHA1

00059b7b2451b0c2dfc1811482b4b6897b54d6eb
SHA256

11d7f93b2f4fce6f9279842c6bd997a0005d8156809b3d0b2849f1856439c1a5
SHA512

5a4edf312f3398e4c7d367772b92599b1c4969f4ecd7edaf66230a15ced1a23515fe93e197f62581620ed9afd0e65210f1d784feca0b677b90d43384573b9b66
SSDEEP

1536:EQ1OGEMLcQYGyBIbTko4rgq5FCBLVwkv1:F1OGEMLSyqrmT

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8af2d2d5b76bee07f9368262510c1c27.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8af2d2d5b76bee07f9368262510c1c27.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8af2d2d5b76bee07f9368262510c1c27
- Size
  
  612KB
- MD5
  
  8af2d2d5b76bee07f9368262510c1c27
- SHA1
  
  00059b7b2451b0c2dfc1811482b4b6897b54d6eb
- SHA256
  
  11d7f93b2f4fce6f9279842c6bd997a0005d8156809b3d0b2849f1856439c1a5
- SHA512
  
  5a4edf312f3398e4c7d367772b92599b1c4969f4ecd7edaf66230a15ced1a23515fe93e197f62581620ed9afd0e65210f1d784feca0b677b90d43384573b9b66
- SSDEEP
  
  1536:EQ1OGEMLcQYGyBIbTko4rgq5FCBLVwkv1:F1OGEMLSyqrmT
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy