xtremerat | 6da67635f97ae7851d174785a537bb652cdd81df909c6e5a65047313c16b25f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

27bea8d5dc...18.exe

windows7-x64

27bea8d5dc...18.exe

windows10-2004-x64

Sharing

General

Target

27bea8d5dc7096ba6bc3e64eb8c0538b_JaffaCakes118
Size

68KB
Sample

240706-jelnjstbne
MD5

27bea8d5dc7096ba6bc3e64eb8c0538b
SHA1

d30a8dba846837f4264ac3727272991df1341e08
SHA256

6da67635f97ae7851d174785a537bb652cdd81df909c6e5a65047313c16b25f4
SHA512

0361158cc4c749aa7d3a04b7132d97bd6ba9e7ad86dc7f253f0cd01d1e933495e68dbd9494585d0b27c2f1e8545dd4fd3183fd40dd955ec85cdf013889d1400b
SSDEEP

768:1XxOS44sR2L2Xd24dW/rvMQMNh4Mmv71rHWd8fif2QnAiF5e41u1tcoOVVRVcs:RP7LRKwbMFNev7tBqfTHDKtcoAVcs

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

27bea8d5dc7096ba6bc3e64eb8c0538b_JaffaCakes118.exe

Resource

win7-20240508-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

27bea8d5dc7096ba6bc3e64eb8c0538b_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

ogdd.servemp3.com

Targets

- Target
  
  27bea8d5dc7096ba6bc3e64eb8c0538b_JaffaCakes118
- Size
  
  68KB
- MD5
  
  27bea8d5dc7096ba6bc3e64eb8c0538b
- SHA1
  
  d30a8dba846837f4264ac3727272991df1341e08
- SHA256
  
  6da67635f97ae7851d174785a537bb652cdd81df909c6e5a65047313c16b25f4
- SHA512
  
  0361158cc4c749aa7d3a04b7132d97bd6ba9e7ad86dc7f253f0cd01d1e933495e68dbd9494585d0b27c2f1e8545dd4fd3183fd40dd955ec85cdf013889d1400b
- SSDEEP
  
  768:1XxOS44sR2L2Xd24dW/rvMQMNh4Mmv71rHWd8fif2QnAiF5e41u1tcoOVVRVcs:RP7LRKwbMFNev7tBqfTHDKtcoAVcs
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy