xtremerat

General

Target

JaffaCakes118_0e7622405ca5626eb71a146152920da4
Size

105KB
Sample

250122-rnf4eszpby
MD5

0e7622405ca5626eb71a146152920da4
SHA1

875729847db7f3b7691e7510efb5f4f348cbb2cc
SHA256

45d04ddf5b327e1a2e6cc1051c4dd748f21ca87f1ecfae0d0b7b96e606f421cc
SHA512

aed1ba25f33d7f1d7f07a76de209606296a08f70904847870fec9b325b7b28a0118a40f4ff7301c800eb0ff2ad93eb1499a80b1fd148465c4c83f1da1603aa5e
SSDEEP

1536:Ss/psfKLveiUj+UgapkUbl+Wg1liDzssei13OzJbYhXh7dBemgKYHLHl2yODxleq:r/cyelTpkUbQW8yiiFxhEmg9HLH3sxB

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

mmsalti.no-ip.org

Targets

- Target
  
  JaffaCakes118_0e7622405ca5626eb71a146152920da4
- Size
  
  105KB
- MD5
  
  0e7622405ca5626eb71a146152920da4
- SHA1
  
  875729847db7f3b7691e7510efb5f4f348cbb2cc
- SHA256
  
  45d04ddf5b327e1a2e6cc1051c4dd748f21ca87f1ecfae0d0b7b96e606f421cc
- SHA512
  
  aed1ba25f33d7f1d7f07a76de209606296a08f70904847870fec9b325b7b28a0118a40f4ff7301c800eb0ff2ad93eb1499a80b1fd148465c4c83f1da1603aa5e
- SSDEEP
  
  1536:Ss/psfKLveiUj+UgapkUbl+Wg1liDzssei13OzJbYhXh7dBemgKYHLHl2yODxleq:r/cyelTpkUbQW8yiiFxhEmg9HLH3sxB
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2