xtremerat

General

Target

JaffaCakes118_cbc16e71dc91da34675fc286c4108f5f
Size

320KB
Sample

250209-gab77sxjcw
MD5

cbc16e71dc91da34675fc286c4108f5f
SHA1

dafd6ea2d2cc8cd15d5229f58deb6656817fe0e6
SHA256

3a69a7047704eece1a85471641968a5b43269cac5bd2e5d55e6afea8b260d1a2
SHA512

48784f9308a5af17f06856d30487573be93dcada9c166683b81e7e61e56bc2757d36b4deb59f190f7efaf3b50880c8f76437a10a87e5a64e61e8274ef359bd29
SSDEEP

6144:uYt9a+zY6LS/ByH3rglTK0paVRlFRY27NFK0GUUkHVgxb6dq8/BxjH0:Bfa+E6uZyH3rgN6Vb/Y2RAUUkHVg96kk

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_cbc16e71dc91da34675fc286c4108f5f
- Size
  
  320KB
- MD5
  
  cbc16e71dc91da34675fc286c4108f5f
- SHA1
  
  dafd6ea2d2cc8cd15d5229f58deb6656817fe0e6
- SHA256
  
  3a69a7047704eece1a85471641968a5b43269cac5bd2e5d55e6afea8b260d1a2
- SHA512
  
  48784f9308a5af17f06856d30487573be93dcada9c166683b81e7e61e56bc2757d36b4deb59f190f7efaf3b50880c8f76437a10a87e5a64e61e8274ef359bd29
- SSDEEP
  
  6144:uYt9a+zY6LS/ByH3rglTK0paVRlFRY27NFK0GUUkHVgxb6dq8/BxjH0:Bfa+E6uZyH3rgN6Vb/Y2RAUUkHVg96kk
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect XtremeRAT payload

Xtremerat family

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2