xtremerat | 1043e51735e933b8878c576fb34d17663d79c62fc55c6f3f53bb04bda5e5145d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...53.exe

windows7-x64

JaffaCakes...53.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_e6ee51832750f81ede27aa934bdb9653
Size

202KB
Sample

250211-q1btsstnfl
MD5

e6ee51832750f81ede27aa934bdb9653
SHA1

b4682f6ecc48a32f5b73174cf967e29459b6c1c2
SHA256

1043e51735e933b8878c576fb34d17663d79c62fc55c6f3f53bb04bda5e5145d
SHA512

d2d4b30382b37040b553da79f926205cbeef6921c36f36d4998d62dbe5321bb400f4a57ecede97fd319afedd97f7d4abe85f178892df50362bacb9466f631a94
SSDEEP

3072:tYFpijtYA37CFr1Bxw0E0K37+NSHTNWVQ3MhJF8lZfhr4csKL6SrpyVHVDNJ:aFIA1XwRDPRWVQ3+klZfhEcsKL6l

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_e6ee51832750f81ede27aa934bdb9653.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_e6ee51832750f81ede27aa934bdb9653.exe

Resource

win10v2004-20250207-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

yesmoke.no-ip.org

Targets

- Target
  
  JaffaCakes118_e6ee51832750f81ede27aa934bdb9653
- Size
  
  202KB
- MD5
  
  e6ee51832750f81ede27aa934bdb9653
- SHA1
  
  b4682f6ecc48a32f5b73174cf967e29459b6c1c2
- SHA256
  
  1043e51735e933b8878c576fb34d17663d79c62fc55c6f3f53bb04bda5e5145d
- SHA512
  
  d2d4b30382b37040b553da79f926205cbeef6921c36f36d4998d62dbe5321bb400f4a57ecede97fd319afedd97f7d4abe85f178892df50362bacb9466f631a94
- SSDEEP
  
  3072:tYFpijtYA37CFr1Bxw0E0K37+NSHTNWVQ3MhJF8lZfhr4csKL6SrpyVHVDNJ:aFIA1XwRDPRWVQ3+klZfhEcsKL6l
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy