xtremerat | 93b907c511254e4edd0a6242faf2e494ea14fb4a9bff6ab6eb7297b16bfb8d3b | Triage

Submit
Reports

Overview

overview

Static

static

3

28823719bf...18.exe

windows7-x64

28823719bf...18.exe

windows10-2004-x64

Sharing

General

Target

28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118
Size

292KB
Sample

240706-rywxma1clp
MD5

28823719bf29b3a2d43e579a3b7ae06c
SHA1

3e68dacaf925262ab7bed8edb5c85728c55a7352
SHA256

93b907c511254e4edd0a6242faf2e494ea14fb4a9bff6ab6eb7297b16bfb8d3b
SHA512

1c80aff88ca48ec8bd384207b3e4779030d7a2795fcdf7cfb724c8fd04d5b810fc62e08648bcb8780e70b24b38bf85fdb427e061d0389663d872387da4b971b5
SSDEEP

1536:2OwPGSmhCmW7yCHyJgHH/oJjgCBcw91qFhuN:OGSk7CyZJMm1qSN

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  28823719bf29b3a2d43e579a3b7ae06c_JaffaCakes118
- Size
  
  292KB
- MD5
  
  28823719bf29b3a2d43e579a3b7ae06c
- SHA1
  
  3e68dacaf925262ab7bed8edb5c85728c55a7352
- SHA256
  
  93b907c511254e4edd0a6242faf2e494ea14fb4a9bff6ab6eb7297b16bfb8d3b
- SHA512
  
  1c80aff88ca48ec8bd384207b3e4779030d7a2795fcdf7cfb724c8fd04d5b810fc62e08648bcb8780e70b24b38bf85fdb427e061d0389663d872387da4b971b5
- SSDEEP
  
  1536:2OwPGSmhCmW7yCHyJgHH/oJjgCBcw91qFhuN:OGSk7CyZJMm1qSN
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy