xtremerat | c8285e82e00afb79b82f2fde9527f047df72d75487676676a8b8fbcb0a35747c | Triage

Submit
Reports

Overview

overview

Static

static

3

229efe77ea...18.exe

windows7-x64

229efe77ea...18.exe

windows10-2004-x64

Sharing

General

Target

229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118
Size

232KB
Sample

240703-rdkc4a1eqc
MD5

229efe77ea6d66a60aefb8e95cd5a9ac
SHA1

36b00f8d6454bf3eb9eb29d71e405e6ebf233cce
SHA256

c8285e82e00afb79b82f2fde9527f047df72d75487676676a8b8fbcb0a35747c
SHA512

8b9baf5b2ef4d504eb2c90e668c91b18ca0e592a15e1143194c048ace4cf9fd66f44044a533e70db167e6b8888f1ddc3ffc5582c520eec745672ea70889d2026
SSDEEP

3072:++i1hgLbuclIga+0+1CmNNMV5nk6cwxpRInphz5NMJiLM05tznIkwok1nlFY9++4:++5rlIinfMVPcwvGzjMILRzjwbleXI

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118.exe

Resource

win7-20240508-en

xtremerat persistence rat spyware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118.exe

Resource

win10v2004-20240611-en

xtremerat persistence rat spyware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  229efe77ea6d66a60aefb8e95cd5a9ac_JaffaCakes118
- Size
  
  232KB
- MD5
  
  229efe77ea6d66a60aefb8e95cd5a9ac
- SHA1
  
  36b00f8d6454bf3eb9eb29d71e405e6ebf233cce
- SHA256
  
  c8285e82e00afb79b82f2fde9527f047df72d75487676676a8b8fbcb0a35747c
- SHA512
  
  8b9baf5b2ef4d504eb2c90e668c91b18ca0e592a15e1143194c048ace4cf9fd66f44044a533e70db167e6b8888f1ddc3ffc5582c520eec745672ea70889d2026
- SSDEEP
  
  3072:++i1hgLbuclIga+0+1CmNNMV5nk6cwxpRInphz5NMJiLM05tznIkwok1nlFY9++4:++5rlIinfMVPcwvGzjMILRzjwbleXI
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy