xtremerat | 8ef007d13da4bae8ce2eda5a528a4a6fcf9de026c968fb99ef1d21d510413d6e | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...de.exe

windows7-x64

JaffaCakes...de.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_59b3791c9f1d8a19aa4b7dbccdeb33de
Size

33KB
Sample

250129-wgmpvavmas
MD5

59b3791c9f1d8a19aa4b7dbccdeb33de
SHA1

575651a488bcdac7e4bdf1e58c9e1d558427c269
SHA256

8ef007d13da4bae8ce2eda5a528a4a6fcf9de026c968fb99ef1d21d510413d6e
SHA512

9e9947646ab0786f59ebecf4e3809c14d0fca2d497e77c9939e2b1af8320868def69e18dc98f03166f4030e29ed38734348144cef987eaa550b7282c77c7fc73
SSDEEP

768:8MuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lFXeeyK+G:1NW71rcYDAWeotvXlF

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_59b3791c9f1d8a19aa4b7dbccdeb33de.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_59b3791c9f1d8a19aa4b7dbccdeb33de.exe

Resource

win10v2004-20250129-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

耀آtaskhost.servehttp.com

Targets

- Target
  
  JaffaCakes118_59b3791c9f1d8a19aa4b7dbccdeb33de
- Size
  
  33KB
- MD5
  
  59b3791c9f1d8a19aa4b7dbccdeb33de
- SHA1
  
  575651a488bcdac7e4bdf1e58c9e1d558427c269
- SHA256
  
  8ef007d13da4bae8ce2eda5a528a4a6fcf9de026c968fb99ef1d21d510413d6e
- SHA512
  
  9e9947646ab0786f59ebecf4e3809c14d0fca2d497e77c9939e2b1af8320868def69e18dc98f03166f4030e29ed38734348144cef987eaa550b7282c77c7fc73
- SSDEEP
  
  768:8MuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lFXeeyK+G:1NW71rcYDAWeotvXlF
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy