xtremerat | 9084d64fbcd5e6562eb4f80af38be53cd0a13570c5c99609825922556139f290 | Triage

Submit
Reports

Overview

overview

Static

static

3

28089893c1...18.exe

windows7-x64

28089893c1...18.exe

windows10-2004-x64

Sharing

General

Target

28089893c1d9e756f0ae4af23123ec53_JaffaCakes118
Size

356KB
Sample

240706-lbkceswerg
MD5

28089893c1d9e756f0ae4af23123ec53
SHA1

a71764ef8171820e147da35dd1dd2c239d1feb02
SHA256

9084d64fbcd5e6562eb4f80af38be53cd0a13570c5c99609825922556139f290
SHA512

f1b08bf20a6fac2c6db68d7ffb9fc71875c26d95032715f28521c7996abc12b6a334aa16bff3174f630db297ab1d1ddf65752f4e23a4817231877c40f9ed4fd2
SSDEEP

6144:Kxev4M2Jg+EYZr8iyD2/VfZfNL4WGnpgRRk+aAj89KPbOHNbWe:Wev4M2JsYZpq2/VfZfNL45npAHjSD

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28089893c1d9e756f0ae4af23123ec53_JaffaCakes118.exe

Resource

win7-20240705-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

28089893c1d9e756f0ae4af23123ec53_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

theking200817.no-ip.biz

Targets

- Target
  
  28089893c1d9e756f0ae4af23123ec53_JaffaCakes118
- Size
  
  356KB
- MD5
  
  28089893c1d9e756f0ae4af23123ec53
- SHA1
  
  a71764ef8171820e147da35dd1dd2c239d1feb02
- SHA256
  
  9084d64fbcd5e6562eb4f80af38be53cd0a13570c5c99609825922556139f290
- SHA512
  
  f1b08bf20a6fac2c6db68d7ffb9fc71875c26d95032715f28521c7996abc12b6a334aa16bff3174f630db297ab1d1ddf65752f4e23a4817231877c40f9ed4fd2
- SSDEEP
  
  6144:Kxev4M2Jg+EYZr8iyD2/VfZfNL4WGnpgRRk+aAj89KPbOHNbWe:Wev4M2JsYZpq2/VfZfNL45npAHjSD
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy