xtremerat | 9353119292e5132c8dc532f9de296446ca3a4a140da6f07bd9783fb93a07a5ad | Triage

Submit
Reports

Overview

overview

Static

static

3

260cb3e7a9...18.exe

windows7-x64

260cb3e7a9...18.exe

windows10-2004-x64

Sharing

General

Target

260cb3e7a96cae0871865d25c50d7503_JaffaCakes118
Size

216KB
Sample

240704-yj1etsyakc
MD5

260cb3e7a96cae0871865d25c50d7503
SHA1

d8c51b3e89b3097b808fedb55e339debd4891af6
SHA256

9353119292e5132c8dc532f9de296446ca3a4a140da6f07bd9783fb93a07a5ad
SHA512

aba8127b8069801f731abaf3743e0c4d4fcab5a1a937a202d98b3af142139487733ae0320fd08ac63dd1292308b2b1a2349f430622bed01b1cd504b34a4cb47b
SSDEEP

6144:tJglPrsbldrGXVnCqcttEGkjK2JXXHg3z82OFqHv3V:tGhGlgRCq+tLkjvHHLCt

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

260cb3e7a96cae0871865d25c50d7503_JaffaCakes118.exe

Resource

win7-20240419-en

xtremerat persistence rat spyware upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

260cb3e7a96cae0871865d25c50d7503_JaffaCakes118.exe

Resource

win10v2004-20240508-en

xtremerat persistence rat spyware upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  260cb3e7a96cae0871865d25c50d7503_JaffaCakes118
- Size
  
  216KB
- MD5
  
  260cb3e7a96cae0871865d25c50d7503
- SHA1
  
  d8c51b3e89b3097b808fedb55e339debd4891af6
- SHA256
  
  9353119292e5132c8dc532f9de296446ca3a4a140da6f07bd9783fb93a07a5ad
- SHA512
  
  aba8127b8069801f731abaf3743e0c4d4fcab5a1a937a202d98b3af142139487733ae0320fd08ac63dd1292308b2b1a2349f430622bed01b1cd504b34a4cb47b
- SSDEEP
  
  6144:tJglPrsbldrGXVnCqcttEGkjK2JXXHg3z82OFqHv3V:tGhGlgRCq+tLkjvHHLCt
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy