xtremerat | f23b8e5ef80bad9f0c094f0aff7c9ab873846ee61c83045ab5d7b66523b8ce8f | Triage

Submit
Reports

Overview

overview

Static

static

3

26f22c2710...18.exe

windows7-x64

26f22c2710...18.exe

windows10-2004-x64

Sharing

General

Target

26f22c271092c92be366a8b47bc3a97b_JaffaCakes118
Size

164KB
Sample

240705-qv7paayhlq
MD5

26f22c271092c92be366a8b47bc3a97b
SHA1

eabd601cdc6f9c8fa5115c5d73bd0ca1b059cd1d
SHA256

f23b8e5ef80bad9f0c094f0aff7c9ab873846ee61c83045ab5d7b66523b8ce8f
SHA512

b60da3376ad1462b5507895720629ce855b0bfc2d582ee1e6a02975d3180d152a17e51d1308d4bec8144f15614fbd76207af98637b1fa080e5358706960d8276
SSDEEP

3072:gaMUY+pd0jsNR+0n7a3+k9IEgfzX4hk+XwW/jLPtBEx3VStGnCK:t8ANb7a3+kS7UzdnPtBeUInCK

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

26f22c271092c92be366a8b47bc3a97b_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat persistence rat spyware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

26f22c271092c92be366a8b47bc3a97b_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

dannymatrix.no-ip.org

Targets

- Target
  
  26f22c271092c92be366a8b47bc3a97b_JaffaCakes118
- Size
  
  164KB
- MD5
  
  26f22c271092c92be366a8b47bc3a97b
- SHA1
  
  eabd601cdc6f9c8fa5115c5d73bd0ca1b059cd1d
- SHA256
  
  f23b8e5ef80bad9f0c094f0aff7c9ab873846ee61c83045ab5d7b66523b8ce8f
- SHA512
  
  b60da3376ad1462b5507895720629ce855b0bfc2d582ee1e6a02975d3180d152a17e51d1308d4bec8144f15614fbd76207af98637b1fa080e5358706960d8276
- SSDEEP
  
  3072:gaMUY+pd0jsNR+0n7a3+k9IEgfzX4hk+XwW/jLPtBEx3VStGnCK:t8ANb7a3+kS7UzdnPtBeUInCK
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy