xtremerat

General

Target

JaffaCakes118_da0af3e686fed546be5b6b72c8fa73c5
Size

657KB
Sample

250210-lnx42sxlhr
MD5

da0af3e686fed546be5b6b72c8fa73c5
SHA1

797d25724f0bbb12a041f71ed1b5c16760cc8ddf
SHA256

a9b9158a681ab964207ef6871fa876524fa389fafd7daa7c0f3ee93662a55c73
SHA512

339df2d46ee03ce9b66c86f9f569d5fc0197c33382328158fb5a524ee983fb3ae0ee6248297aec597328445b3ee73d0721d969056c02aca0b75cfded409ef3c9
SSDEEP

12288:/7CfKaEtRqYvd4i+JKX4vHbvoQ2BZzZ8jnDawtaCqUHB2UhOXgTrP1:/7htki+JKIv8QmZzZ8jDay1qUhzegTr9

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

korcerrah.no-ip.biz

Targets

- Target
  
  JaffaCakes118_da0af3e686fed546be5b6b72c8fa73c5
- Size
  
  657KB
- MD5
  
  da0af3e686fed546be5b6b72c8fa73c5
- SHA1
  
  797d25724f0bbb12a041f71ed1b5c16760cc8ddf
- SHA256
  
  a9b9158a681ab964207ef6871fa876524fa389fafd7daa7c0f3ee93662a55c73
- SHA512
  
  339df2d46ee03ce9b66c86f9f569d5fc0197c33382328158fb5a524ee983fb3ae0ee6248297aec597328445b3ee73d0721d969056c02aca0b75cfded409ef3c9
- SSDEEP
  
  12288:/7CfKaEtRqYvd4i+JKX4vHbvoQ2BZzZ8jnDawtaCqUHB2UhOXgTrP1:/7htki+JKIv8QmZzZ8jDay1qUhzegTr9
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

Xtremerat family

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2