xtremerat | b6a45feda45bf6b24362aacf994697e182c729a1030ec32115696b0798bd5299 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...43.exe

windows7-x64

JaffaCakes...43.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_79618611ac6a760a5613780f7b3e7943
Size

65KB
Sample

250316-jag5kayky6
MD5

79618611ac6a760a5613780f7b3e7943
SHA1

9f94724025210be321f6ed875e8f3682f89cc78c
SHA256

b6a45feda45bf6b24362aacf994697e182c729a1030ec32115696b0798bd5299
SHA512

50c4f8e88dea2489ff97a1d850da470cd42275172b26ec8568f7111750bf31e443e9a26c258c312fa2f1e4d0ad8d6ba94725a00be1f79a0c79c36c1fdd4cfb19
SSDEEP

1536:JXlel971b9LhPjgvckT7aNxhBs+BTf8o5Vujqu:JXls9svPT70xhBs+9fvY/

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_79618611ac6a760a5613780f7b3e7943.exe

Resource

win7-20240903-en

xtremerat discovery persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_79618611ac6a760a5613780f7b3e7943.exe

Resource

win10v2004-20250313-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_79618611ac6a760a5613780f7b3e7943
- Size
  
  65KB
- MD5
  
  79618611ac6a760a5613780f7b3e7943
- SHA1
  
  9f94724025210be321f6ed875e8f3682f89cc78c
- SHA256
  
  b6a45feda45bf6b24362aacf994697e182c729a1030ec32115696b0798bd5299
- SHA512
  
  50c4f8e88dea2489ff97a1d850da470cd42275172b26ec8568f7111750bf31e443e9a26c258c312fa2f1e4d0ad8d6ba94725a00be1f79a0c79c36c1fdd4cfb19
- SSDEEP
  
  1536:JXlel971b9LhPjgvckT7aNxhBs+BTf8o5Vujqu:JXls9svPT70xhBs+9fvY/
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy