xtremerat

General

Target

JaffaCakes118_4ce04f0ce4bf44fd628de378fcc80df1
Size

95KB
Sample

250128-ts6wraxldr
MD5

4ce04f0ce4bf44fd628de378fcc80df1
SHA1

41301b0a6594f2ce4f5f2a1dd348ae3c5193ca83
SHA256

43a092eff2e2af87ff060518e071e14f4ec22460d47a546fdddba8bc0e2c22b5
SHA512

6b1712a8a4a02f7794b107b27bb140c38fc475cf124a812074331c7740661c689094e8e7ad8f57fc6e6d4f20a6e9564caa6bba99d09c0f708572120c36895798
SSDEEP

1536:7leFkLjr+fEQclXjwXkXhULR+VXG6te793GgaYZtdRuwLGKvdmuRcth0GkIu0nJ:7xL3Xp2R+JQBWetHBLGKvM+ohTV

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

destroyit.no-ip.info

Targets

- Target
  
  JaffaCakes118_4ce04f0ce4bf44fd628de378fcc80df1
- Size
  
  95KB
- MD5
  
  4ce04f0ce4bf44fd628de378fcc80df1
- SHA1
  
  41301b0a6594f2ce4f5f2a1dd348ae3c5193ca83
- SHA256
  
  43a092eff2e2af87ff060518e071e14f4ec22460d47a546fdddba8bc0e2c22b5
- SHA512
  
  6b1712a8a4a02f7794b107b27bb140c38fc475cf124a812074331c7740661c689094e8e7ad8f57fc6e6d4f20a6e9564caa6bba99d09c0f708572120c36895798
- SSDEEP
  
  1536:7leFkLjr+fEQclXjwXkXhULR+VXG6te793GgaYZtdRuwLGKvdmuRcth0GkIu0nJ:7xL3Xp2R+JQBWetHBLGKvM+ohTV
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2