xtremerat | 249247e67ef295a5ddfda8efc2e88abb10ecf05cc0e1fda7089b36794f599e83 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...c7.exe

windows7-x64

JaffaCakes...c7.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_80d1e5b8b5d64fbc76b768e05cce43c7
Size

95KB
Sample

250320-cc71fazvdz
MD5

80d1e5b8b5d64fbc76b768e05cce43c7
SHA1

6e6a1453fcbb30e96402b4936234db1d2ec9651f
SHA256

249247e67ef295a5ddfda8efc2e88abb10ecf05cc0e1fda7089b36794f599e83
SHA512

75a3ed58062cbe536cd7601b899b48f9727edc031737d8431af530384d82eaed0aee7350a180894a96984613d78d01e1ce2c4d79e6cc8cd0709f8cad1930023f
SSDEEP

1536:2psRlTCJVbE4HS3nM0ZsFFT/QbazprM5tGFO0sK5BCceQ6WEakIN+0QGBVBIl2if:LaVbDHmuTQUMad5EcqPB6IlhPnH

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_80d1e5b8b5d64fbc76b768e05cce43c7.exe

Resource

win7-20240729-en

xtremerat discovery persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_80d1e5b8b5d64fbc76b768e05cce43c7.exe

Resource

win10v2004-20250314-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_80d1e5b8b5d64fbc76b768e05cce43c7
- Size
  
  95KB
- MD5
  
  80d1e5b8b5d64fbc76b768e05cce43c7
- SHA1
  
  6e6a1453fcbb30e96402b4936234db1d2ec9651f
- SHA256
  
  249247e67ef295a5ddfda8efc2e88abb10ecf05cc0e1fda7089b36794f599e83
- SHA512
  
  75a3ed58062cbe536cd7601b899b48f9727edc031737d8431af530384d82eaed0aee7350a180894a96984613d78d01e1ce2c4d79e6cc8cd0709f8cad1930023f
- SSDEEP
  
  1536:2psRlTCJVbE4HS3nM0ZsFFT/QbazprM5tGFO0sK5BCceQ6WEakIN+0QGBVBIl2if:LaVbDHmuTQUMad5EcqPB6IlhPnH
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

behavioral2

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy