xtremerat | 28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37 | Triage

Submit
Reports

Overview

overview

Static

static

28c32cba3b...cs.exe

windows7-x64

28c32cba3b...cs.exe

windows10-2004-x64

Sharing

General

Target

28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37_NeikiAnalytics.exe
Size

55KB
Sample

240701-a9c58athrn
MD5

04549e6c2678e97f3b00711765b9f110
SHA1

e635c48c215c7f0c13cb98db14185214b403b9f2
SHA256

28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37
SHA512

80245fd07af2078ea1b76f40b53761866ae34dde3bb35fe007e8acd529d49b06f75cb8b747fd6847bf8f2cb08accbabe15fd56b633b9d63905fa6edfcd446595
SSDEEP

768:ouMAzLqSQ6kwATx94o0IWhWAKphMltZqgpKeC50Cwfx0mzo:XtLqSQ3w0+rIcKsw4K30K6o

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37_NeikiAnalytics.exe

Resource

win7-20231129-en

xtremerat persistence rat spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

bloo00d.no-ip.biz

Targets

- Target
  
  28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37_NeikiAnalytics.exe
- Size
  
  55KB
- MD5
  
  04549e6c2678e97f3b00711765b9f110
- SHA1
  
  e635c48c215c7f0c13cb98db14185214b403b9f2
- SHA256
  
  28c32cba3ba55a0b4a1882e2380aaeaa656f0644b2dd700874f94ae6ec652a37
- SHA512
  
  80245fd07af2078ea1b76f40b53761866ae34dde3bb35fe007e8acd529d49b06f75cb8b747fd6847bf8f2cb08accbabe15fd56b633b9d63905fa6edfcd446595
- SSDEEP
  
  768:ouMAzLqSQ6kwATx94o0IWhWAKphMltZqgpKeC50Cwfx0mzo:XtLqSQ3w0+rIcKsw4K30K6o
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy