xtremerat | eb441531940d93e21294e00508f64209d3d8af24a35310c34c91e436ff61b920 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...f4.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_adbd5bcbab544a5094ed42aad5afc0f4
Size

21KB
Sample

250411-k442vsvpy7
MD5

adbd5bcbab544a5094ed42aad5afc0f4
SHA1

ccebd8c3fb2e288efda0becb46b000b956bf4f62
SHA256

eb441531940d93e21294e00508f64209d3d8af24a35310c34c91e436ff61b920
SHA512

b1c25084569e30007329e5ecc25586cdb6a2bd75237d3b296de19f094d53489a9ba460fda65fa7ce25017f4964d89c9aa73327a8990bf74d86def55623ae9d39
SSDEEP

384:8IdmF+TH95xJMu/0PlxjV8BINhuLJ37tMOpuqqz3KK7eIVmbYXb1gorR/spLR:8IsF8HdbKjV8BX7Vy6K7eIVYYL1JrRk

Score

10^/10

xtremerat discovery persistence rat spyware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_adbd5bcbab544a5094ed42aad5afc0f4.exe

Resource

win10v2004-20250410-en

xtremerat discovery persistence rat spyware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_adbd5bcbab544a5094ed42aad5afc0f4
- Size
  
  21KB
- MD5
  
  adbd5bcbab544a5094ed42aad5afc0f4
- SHA1
  
  ccebd8c3fb2e288efda0becb46b000b956bf4f62
- SHA256
  
  eb441531940d93e21294e00508f64209d3d8af24a35310c34c91e436ff61b920
- SHA512
  
  b1c25084569e30007329e5ecc25586cdb6a2bd75237d3b296de19f094d53489a9ba460fda65fa7ce25017f4964d89c9aa73327a8990bf74d86def55623ae9d39
- SSDEEP
  
  384:8IdmF+TH95xJMu/0PlxjV8BINhuLJ37tMOpuqqz3KK7eIVmbYXb1gorR/spLR:8IsF8HdbKjV8BX7Vy6K7eIVYYL1JrRk
Score

10^/10

xtremerat discovery persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xtremeratdiscoverypersistenceratspywareupx

© 2018-2025

Terms | Privacy