xtremerat | 59e2210634d95d55b9510f342ed54d7757f7f9ff7e89b8100e6f5e3d79d7b636 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...76.exe

windows7-x64

JaffaCakes...76.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_718c1fb3db94e28340ec9d5f02afaf76
Size

225KB
Sample

250313-wal5qsyvbt
MD5

718c1fb3db94e28340ec9d5f02afaf76
SHA1

276dfaa39f666c7f347aef957a5b428270620133
SHA256

59e2210634d95d55b9510f342ed54d7757f7f9ff7e89b8100e6f5e3d79d7b636
SHA512

160131700c1e3ccb111ea676e02d18b3c22f866c79a0309c89c84ade61a94cdb717c210f8318dc71929742bd827560f1e3aa9f7a6695af2fa9b25946475a75fd
SSDEEP

6144:3ExPtKZQSi1Iv0Ps/eHHeaY9A0rBkk3hf0hpckuB74Dq:oYZLqA0ECeaY5Zh6ckuB74Dq

Score

10^/10

xtremerat discovery persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_718c1fb3db94e28340ec9d5f02afaf76.exe

Resource

win7-20241010-en

xtremerat discovery persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_718c1fb3db94e28340ec9d5f02afaf76.exe

Resource

win10v2004-20250313-en

xtremerat discovery persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

⡐ﳀmedoo.no-ip.org

Targets

- Target
  
  JaffaCakes118_718c1fb3db94e28340ec9d5f02afaf76
- Size
  
  225KB
- MD5
  
  718c1fb3db94e28340ec9d5f02afaf76
- SHA1
  
  276dfaa39f666c7f347aef957a5b428270620133
- SHA256
  
  59e2210634d95d55b9510f342ed54d7757f7f9ff7e89b8100e6f5e3d79d7b636
- SHA512
  
  160131700c1e3ccb111ea676e02d18b3c22f866c79a0309c89c84ade61a94cdb717c210f8318dc71929742bd827560f1e3aa9f7a6695af2fa9b25946475a75fd
- SSDEEP
  
  6144:3ExPtKZQSi1Iv0Ps/eHHeaY9A0rBkk3hf0hpckuB74Dq:oYZLqA0ECeaY5Zh6ckuB74Dq
Score

10^/10

xtremerat discovery persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspyware

behavioral2

xtremeratdiscoverypersistenceratspyware

© 2018-2025

Terms | Privacy