xtremerat | 5aca68fe75d6011c3ec20041b95a717ffd9476b754d980e403af39d539f6d25d | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...fd.exe

windows7-x64

JaffaCakes...fd.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_d21a9de892014e784492d644343271fd
Size

36KB
Sample

250209-wj81vsykfm
MD5

d21a9de892014e784492d644343271fd
SHA1

ea6c715df19372604c03331b21d54f2faf9a7023
SHA256

5aca68fe75d6011c3ec20041b95a717ffd9476b754d980e403af39d539f6d25d
SHA512

bdfc18fc4c6a3d951448ac93e91aa9fa7d68ea1895757e01c0ee29121246b1a63a3435c90927341389538f7a85e4140b1dcf7a0eb04efe7c7f9d3e575823a571
SSDEEP

768:yMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lvagwvJ:vNW71rcYDAWeotvXliVR

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_d21a9de892014e784492d644343271fd.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_d21a9de892014e784492d644343271fd.exe

Resource

win10v2004-20250207-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

oo7bond.no-ip.biz

Targets

- Target
  
  JaffaCakes118_d21a9de892014e784492d644343271fd
- Size
  
  36KB
- MD5
  
  d21a9de892014e784492d644343271fd
- SHA1
  
  ea6c715df19372604c03331b21d54f2faf9a7023
- SHA256
  
  5aca68fe75d6011c3ec20041b95a717ffd9476b754d980e403af39d539f6d25d
- SHA512
  
  bdfc18fc4c6a3d951448ac93e91aa9fa7d68ea1895757e01c0ee29121246b1a63a3435c90927341389538f7a85e4140b1dcf7a0eb04efe7c7f9d3e575823a571
- SSDEEP
  
  768:yMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lvagwvJ:vNW71rcYDAWeotvXliVR
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Downloads MZ/PE file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy