xtremerat | 3f7c9c97010e043df357cea88cf1ad4f2c7075731676389bd6fd7043e75fb8f9 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...e3.exe

windows7-x64

JaffaCakes...e3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_c4bec08a7d4e65710317bd8c5e32f7e3
Size

97KB
Sample

250208-tckctatma1
MD5

c4bec08a7d4e65710317bd8c5e32f7e3
SHA1

ade7ee609e3c25d576568a29a332872b266bdc20
SHA256

3f7c9c97010e043df357cea88cf1ad4f2c7075731676389bd6fd7043e75fb8f9
SHA512

c961c71f816b52585957216ae19947e156e4cb430ad28de4dcbf09c6d9d791c052448fbe07769790065458301c7a7f1b674c196639bb154424202c11aa18ff78
SSDEEP

1536:68g+JSXNSeVeJUauz0z9OjGQehxVuH7VtOhlthndT0BFLnE+G6DxCEp:6R+JSdSBuz0z9OjG1xUx8/tpdgfEwLp

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c4bec08a7d4e65710317bd8c5e32f7e3.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c4bec08a7d4e65710317bd8c5e32f7e3.exe

Resource

win10v2004-20250207-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

franco1.no-ip.org

Targets

- Target
  
  JaffaCakes118_c4bec08a7d4e65710317bd8c5e32f7e3
- Size
  
  97KB
- MD5
  
  c4bec08a7d4e65710317bd8c5e32f7e3
- SHA1
  
  ade7ee609e3c25d576568a29a332872b266bdc20
- SHA256
  
  3f7c9c97010e043df357cea88cf1ad4f2c7075731676389bd6fd7043e75fb8f9
- SHA512
  
  c961c71f816b52585957216ae19947e156e4cb430ad28de4dcbf09c6d9d791c052448fbe07769790065458301c7a7f1b674c196639bb154424202c11aa18ff78
- SSDEEP
  
  1536:68g+JSXNSeVeJUauz0z9OjGQehxVuH7VtOhlthndT0BFLnE+G6DxCEp:6R+JSdSBuz0z9OjG1xUx8/tpdgfEwLp
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy