xtremerat | 46a59687a181061a0b64a9f7361bbac78cd4c346420948033addbd601472e170 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...c7.exe

windows7-x64

JaffaCakes...c7.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_bab1656920852a63f972493c7ef800c7
Size

33KB
Sample

250207-ybtx3strds
MD5

bab1656920852a63f972493c7ef800c7
SHA1

abeb5197dd04b25cf8204e37f9bf0b239afb1f9b
SHA256

46a59687a181061a0b64a9f7361bbac78cd4c346420948033addbd601472e170
SHA512

7f56101942dd756d3af73e8d68647f3002b98e2e2c59fb4bb5ba325650a3b06b516cf2253cf5df3fae0a6356b088170f74ca00cfb789810cc4da40943d99c1e6
SSDEEP

768:SMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lj/txMpfYgsS:PNW71rcYDAWeotvXljFKQ

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_bab1656920852a63f972493c7ef800c7.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_bab1656920852a63f972493c7ef800c7.exe

Resource

win10v2004-20250207-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

swatch25.no-ip.biz

Targets

- Target
  
  JaffaCakes118_bab1656920852a63f972493c7ef800c7
- Size
  
  33KB
- MD5
  
  bab1656920852a63f972493c7ef800c7
- SHA1
  
  abeb5197dd04b25cf8204e37f9bf0b239afb1f9b
- SHA256
  
  46a59687a181061a0b64a9f7361bbac78cd4c346420948033addbd601472e170
- SHA512
  
  7f56101942dd756d3af73e8d68647f3002b98e2e2c59fb4bb5ba325650a3b06b516cf2253cf5df3fae0a6356b088170f74ca00cfb789810cc4da40943d99c1e6
- SSDEEP
  
  768:SMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lj/txMpfYgsS:PNW71rcYDAWeotvXljFKQ
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Downloads MZ/PE file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy