xtremerat | 0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967 | Triage

Submit
Reports

Overview

overview

Static

static

7

249465d160...18.exe

windows7-x64

249465d160...18.exe

windows10-2004-x64

Sharing

General

Target

249465d1606903a36d425b536e1c6820_JaffaCakes118
Size

236KB
Sample

240704-ep4jwstdrj
MD5

249465d1606903a36d425b536e1c6820
SHA1

87d2ce49be0b62df606f4796533da6da2611e233
SHA256

0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967
SHA512

874d0a59bb2ee2a48d8fba14f57dbf9cb4a34d1266a715b5bc81287b08912d7c9d8e0fb90f3052d6902012f6b0f43959e5f087242029693fd85c3e7827a05e0e
SSDEEP

6144:3mhEHu+ufcxIrsbM9LKT0H1VVI/F7ZJJ5RIBXwVxlZHT:dHutjrsbQ6CVeLswDlB

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

249465d1606903a36d425b536e1c6820_JaffaCakes118.exe

Resource

win7-20231129-en

xtremerat persistence rat spyware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

249465d1606903a36d425b536e1c6820_JaffaCakes118.exe

Resource

win10v2004-20240508-en

xtremerat persistence rat spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

dzxdz.no-ip.info

Targets

- Target
  
  249465d1606903a36d425b536e1c6820_JaffaCakes118
- Size
  
  236KB
- MD5
  
  249465d1606903a36d425b536e1c6820
- SHA1
  
  87d2ce49be0b62df606f4796533da6da2611e233
- SHA256
  
  0db379fbd85259c02e205ae9928c2c6eaa67a01855de378151a76791b801b967
- SHA512
  
  874d0a59bb2ee2a48d8fba14f57dbf9cb4a34d1266a715b5bc81287b08912d7c9d8e0fb90f3052d6902012f6b0f43959e5f087242029693fd85c3e7827a05e0e
- SSDEEP
  
  6144:3mhEHu+ufcxIrsbM9LKT0H1VVI/F7ZJJ5RIBXwVxlZHT:dHutjrsbQ6CVeLswDlB
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Molebox Virtualization software
  Detects file using Molebox Virtualization software.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy