xtremerat | 43f428ac2e6dd248f019eb8b40bf4207e87075a652a0407516cec118ada0cc39 | Triage

Submit
Reports

Overview

overview

Static

static

3

2270904a3d...18.exe

windows7-x64

2270904a3d...18.exe

windows10-2004-x64

Sharing

General

Target

2270904a3d0065599fbf2dc327d00c28_JaffaCakes118
Size

133KB
Sample

240703-p5ektaweqd
MD5

2270904a3d0065599fbf2dc327d00c28
SHA1

c49d9f308071921fb3ad6d88ee9fecef1a678756
SHA256

43f428ac2e6dd248f019eb8b40bf4207e87075a652a0407516cec118ada0cc39
SHA512

6864e3b4e353cc710fcdc4185626de3f03edc800022510489d0c5e620d23bde76738b7298413a929b0c8d8bacdb53498e0fa7a97cb8e35dbc81f472615eeb122
SSDEEP

3072:Vodx7H3MsmT9hVqlTBWkhFRnl3ewQNYcIDwGWmigZ:aM5WBWkPtAdIDpDiu

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2270904a3d0065599fbf2dc327d00c28_JaffaCakes118.exe

Resource

win7-20240611-en

xtremerat persistence rat spyware

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2270904a3d0065599fbf2dc327d00c28_JaffaCakes118.exe

Resource

win10v2004-20240611-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

freshness.dyndns-ip.com

Targets

- Target
  
  2270904a3d0065599fbf2dc327d00c28_JaffaCakes118
- Size
  
  133KB
- MD5
  
  2270904a3d0065599fbf2dc327d00c28
- SHA1
  
  c49d9f308071921fb3ad6d88ee9fecef1a678756
- SHA256
  
  43f428ac2e6dd248f019eb8b40bf4207e87075a652a0407516cec118ada0cc39
- SHA512
  
  6864e3b4e353cc710fcdc4185626de3f03edc800022510489d0c5e620d23bde76738b7298413a929b0c8d8bacdb53498e0fa7a97cb8e35dbc81f472615eeb122
- SSDEEP
  
  3072:Vodx7H3MsmT9hVqlTBWkhFRnl3ewQNYcIDwGWmigZ:aM5WBWkPtAdIDpDiu
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy