xtremerat | c9d47aa23f51f27f51082ccaabb34093da7832945f587d0b32a53e21d9a2824d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

JaffaCakes...0d.exe

windows7-x64

JaffaCakes...0d.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_274b2285d73409e280ddf70f330e3f0d
Size

238KB
Sample

250125-cj863s1pbk
MD5

274b2285d73409e280ddf70f330e3f0d
SHA1

98140f542775f6c73b795713d7fe1b5828b15a53
SHA256

c9d47aa23f51f27f51082ccaabb34093da7832945f587d0b32a53e21d9a2824d
SHA512

5bda5ddfb6f76dc60fff4c3049f8102c20e2cafc6992de4b40ba6d75c474a37b395db353e5c50d57c1520e84481bdd5bd1351c74abca7bfe2c21ced62007816a
SSDEEP

6144:mOHhnV9TaWanVx7B0zEhcaFpvBw1nHAUlLMvUJEWinnfMa+9a:mO9Tahnb7BDMp6MuWif2a

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_274b2285d73409e280ddf70f330e3f0d.exe

Resource

win7-20240729-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_274b2285d73409e280ddf70f330e3f0d.exe

Resource

win10v2004-20241007-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

psycho-mantis.no-ip.org

Targets

- Target
  
  JaffaCakes118_274b2285d73409e280ddf70f330e3f0d
- Size
  
  238KB
- MD5
  
  274b2285d73409e280ddf70f330e3f0d
- SHA1
  
  98140f542775f6c73b795713d7fe1b5828b15a53
- SHA256
  
  c9d47aa23f51f27f51082ccaabb34093da7832945f587d0b32a53e21d9a2824d
- SHA512
  
  5bda5ddfb6f76dc60fff4c3049f8102c20e2cafc6992de4b40ba6d75c474a37b395db353e5c50d57c1520e84481bdd5bd1351c74abca7bfe2c21ced62007816a
- SSDEEP
  
  6144:mOHhnV9TaWanVx7B0zEhcaFpvBw1nHAUlLMvUJEWinnfMa+9a:mO9Tahnb7BDMp6MuWif2a
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy