xtremerat | 8e022fdca537d43fddf5758fa9fb8ace0e146b6d14345ddc4dfe893f2453f98d | Triage

Submit
Reports

Overview

overview

Static

static

3

28b4616652...18.exe

windows7-x64

28b4616652...18.exe

windows10-2004-x64

Sharing

General

Target

28b461665206cde9c350ad0960b6dda0_JaffaCakes118
Size

204KB
Sample

240706-s7e6xawbqf
MD5

28b461665206cde9c350ad0960b6dda0
SHA1

cb21b534c2e1d4315b6f175e0df335453a3434eb
SHA256

8e022fdca537d43fddf5758fa9fb8ace0e146b6d14345ddc4dfe893f2453f98d
SHA512

cdf2f7bad7617668c92fedcbe78dd7fc835591ed197cbea7f9627156022e476a6d653f84c36a2b18e58b89bd0291a4370b3cc8722d071c921181a54a81871966
SSDEEP

6144:u8LjGGm5UA4ewDqeUMaadm9wg1+oWrJMfs4ON:7GIojBO

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28b461665206cde9c350ad0960b6dda0_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

28b461665206cde9c350ad0960b6dda0_JaffaCakes118.exe

Resource

win10v2004-20240508-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

eminem30.no-ip.org

Targets

- Target
  
  28b461665206cde9c350ad0960b6dda0_JaffaCakes118
- Size
  
  204KB
- MD5
  
  28b461665206cde9c350ad0960b6dda0
- SHA1
  
  cb21b534c2e1d4315b6f175e0df335453a3434eb
- SHA256
  
  8e022fdca537d43fddf5758fa9fb8ace0e146b6d14345ddc4dfe893f2453f98d
- SHA512
  
  cdf2f7bad7617668c92fedcbe78dd7fc835591ed197cbea7f9627156022e476a6d653f84c36a2b18e58b89bd0291a4370b3cc8722d071c921181a54a81871966
- SSDEEP
  
  6144:u8LjGGm5UA4ewDqeUMaadm9wg1+oWrJMfs4ON:7GIojBO
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy