xtremerat | 6b1c48540d967dce47807f8bb93a23414c0ae44f81857adc241648a578bc0bbe | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...2f.exe

windows7-x64

JaffaCakes...2f.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a59d604f68d17572e8277dd461af942f
Size

130KB
Sample

250206-bemxlszpdq
MD5

a59d604f68d17572e8277dd461af942f
SHA1

a94d25d8c59251cb00b8b2d7746213b0f146571d
SHA256

6b1c48540d967dce47807f8bb93a23414c0ae44f81857adc241648a578bc0bbe
SHA512

6223e37871c4fed694d2153ff3e032d6f143a1b15cffd10190543dd8b3ec4259ee4eceaddc40d6926bb4837c92edf8c0e9f10948efc038cfe6525066e7b4eacd
SSDEEP

1536:zPR0BFCHDTY08s3i80BQfYEpCHD13zXpdyz8qyoYQqw9PBZueu0An2aV+NVi1vRn:oN0jpc3FQz5PyeX2V+VQRBKLaOZV+n

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a59d604f68d17572e8277dd461af942f.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_a59d604f68d17572e8277dd461af942f.exe

Resource

win10v2004-20250129-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a59d604f68d17572e8277dd461af942f
- Size
  
  130KB
- MD5
  
  a59d604f68d17572e8277dd461af942f
- SHA1
  
  a94d25d8c59251cb00b8b2d7746213b0f146571d
- SHA256
  
  6b1c48540d967dce47807f8bb93a23414c0ae44f81857adc241648a578bc0bbe
- SHA512
  
  6223e37871c4fed694d2153ff3e032d6f143a1b15cffd10190543dd8b3ec4259ee4eceaddc40d6926bb4837c92edf8c0e9f10948efc038cfe6525066e7b4eacd
- SSDEEP
  
  1536:zPR0BFCHDTY08s3i80BQfYEpCHD13zXpdyz8qyoYQqw9PBZueu0An2aV+NVi1vRn:oN0jpc3FQz5PyeX2V+VQRBKLaOZV+n
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy