xtremerat | bb6b6dc9e04213abd1dc3f1325621cf42b3f04b44058b1190e8af0265e57d3e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...a2.exe

windows7-x64

JaffaCakes...a2.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_23e1abb5ba4e2c1b23f203b080af42a2
Size

323KB
Sample

250226-f19qqa1rw3
MD5

23e1abb5ba4e2c1b23f203b080af42a2
SHA1

505db8d9b5ec0f511285c826df934d36bed7f401
SHA256

bb6b6dc9e04213abd1dc3f1325621cf42b3f04b44058b1190e8af0265e57d3e6
SHA512

e0039f030cd0f1553a6b9b24c8ec2d13e883d9f2c96dba6d7da5a9cf307d28f024396ce52f8e95a8fef33a8402600e3bda724e1033675305d71aa4b9258c24c6
SSDEEP

3072:tYFpijtYA37CFr1Bxw0E0K37+NSHTNWVQ3MhJF8lZfhr4csKL6SrpyVHVDNJ:aFIA1XwRDPRWVQ3+klZfhEcsKL6l

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_23e1abb5ba4e2c1b23f203b080af42a2.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_23e1abb5ba4e2c1b23f203b080af42a2.exe

Resource

win10v2004-20250217-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

yesmoke.no-ip.org

Targets

- Target
  
  JaffaCakes118_23e1abb5ba4e2c1b23f203b080af42a2
- Size
  
  323KB
- MD5
  
  23e1abb5ba4e2c1b23f203b080af42a2
- SHA1
  
  505db8d9b5ec0f511285c826df934d36bed7f401
- SHA256
  
  bb6b6dc9e04213abd1dc3f1325621cf42b3f04b44058b1190e8af0265e57d3e6
- SHA512
  
  e0039f030cd0f1553a6b9b24c8ec2d13e883d9f2c96dba6d7da5a9cf307d28f024396ce52f8e95a8fef33a8402600e3bda724e1033675305d71aa4b9258c24c6
- SSDEEP
  
  3072:tYFpijtYA37CFr1Bxw0E0K37+NSHTNWVQ3MhJF8lZfhr4csKL6SrpyVHVDNJ:aFIA1XwRDPRWVQ3+klZfhEcsKL6l
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy