xtremerat | 1538b7406bc0c3f1d8fc6e83d5e87071ecff1632e13909bbacabe337ecd09f09 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...0e.exe

windows7-x64

JaffaCakes...0e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a18f1578fec60da63811257fe3829b0e
Size

788KB
Sample

250118-gvgnesvmes
MD5

a18f1578fec60da63811257fe3829b0e
SHA1

bc6d198258cf6fdc1336ca77edbc427fb65aa03e
SHA256

1538b7406bc0c3f1d8fc6e83d5e87071ecff1632e13909bbacabe337ecd09f09
SHA512

9615650d415025c169d439294bdd943a02724831e6f4707917c5668a12b8a16a848f96d9871e83f6135cbc80b1de2b4ccb765a26b57eae5c744ff2e6673744d1
SSDEEP

12288:mYaIc7AtPbuGa+BSkEpzmUyyJVzYKj86snJ:7X04PbFBSkcmUyyJpYOeJ

Score

10^/10

xtremerat bootkit discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a18f1578fec60da63811257fe3829b0e.exe

Resource

win7-20240903-en

xtremerat bootkit discovery persistence rat spyware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_a18f1578fec60da63811257fe3829b0e.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a18f1578fec60da63811257fe3829b0e
- Size
  
  788KB
- MD5
  
  a18f1578fec60da63811257fe3829b0e
- SHA1
  
  bc6d198258cf6fdc1336ca77edbc427fb65aa03e
- SHA256
  
  1538b7406bc0c3f1d8fc6e83d5e87071ecff1632e13909bbacabe337ecd09f09
- SHA512
  
  9615650d415025c169d439294bdd943a02724831e6f4707917c5668a12b8a16a848f96d9871e83f6135cbc80b1de2b4ccb765a26b57eae5c744ff2e6673744d1
- SSDEEP
  
  12288:mYaIc7AtPbuGa+BSkEpzmUyyJVzYKj86snJ:7X04PbFBSkcmUyyJpYOeJ
Score

10^/10

xtremerat bootkit discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratbootkitdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy