xtremerat

General

Target

JaffaCakes118_0f28d9f5713a606bc1bc8554bb9fd694
Size

934KB
Sample

250122-tccyqstnaw
MD5

0f28d9f5713a606bc1bc8554bb9fd694
SHA1

bf56f7f7dd8860e698f58aea2e2e658dbe705008
SHA256

080473b13a294961678932c9b543a55695995da095fbe446d2b7419ba894f618
SHA512

1de48bfe31388cc88d54ac0374f484291b43275991b0ee184febc39c7cb7b9e4aff1e31149e68adc56e63a76f3a41364b1c1f733ce80e3c126984349d08f5091
SSDEEP

24576:0KfWvLrUv+SVuPm+aGkIumDBqQOb2dr5CNiadAWOvja5:RkPUGsu++a2ume4EC5vjk

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

mikropbisey.no-ip.biz

Targets

- Target
  
  MSNTRO~1.EXE
- Size
  
  1.8MB
- MD5
  
  f7fc6598d7256905a765ac27afd68174
- SHA1
  
  ad1f67a8ca392711fff9abbfba502c3c4a82d3c8
- SHA256
  
  313dc4f22f34f63ae40aa915767fbe693b7cefe8e7040362bfd4a3f7ae12459f
- SHA512
  
  31023df4723bcc8ecaa2a90b9e15d31f514cce2a006514704dd6b2a229e5cea85ac0f867b8e6e1fce66f05582edb8e6e0bb2978514009ba28979870b8ee98da7
- SSDEEP
  
  24576:GDmCbxoC8hklOCUK9TmRohThgBhhZmHt6iae84BhhZvHXFUf2QS:GN9oCgkE16mSYbQ0pubP1ijS
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  msndll.exe
- Size
  
  119KB
- MD5
  
  444af42eedf1678eba46eb04aa3310dd
- SHA1
  
  7e3d7e95820dce4ed0b2775123513fe40463332b
- SHA256
  
  438e621864ee31ab757e92ef4e5120d2a8142fcd650d10f992cedfa236ea3064
- SHA512
  
  b7656360ff7556589e20bc9dea5fe58dafd1e1ed7546892ce5fbadb84d24a15a234251729272a3730f42a870b8d16e87f52946a657a9272ff92a8dbedebf8d2e
- SSDEEP
  
  1536:pOF7+/JyYNWJ85KSUav8lnpmVdhcHgWm1o+Uam5w01yKb:pOFS/IYNWSwSUZmnmAr157m5Z1/
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4