xtremerat | cff488bb00e4776b0f8501834fc44ad2df23d66f9dfc70c575ff0355b218234d | Triage

Submit
Reports

Overview

overview

Static

static

3

2a1e6d3c16...18.exe

windows7-x64

2a1e6d3c16...18.exe

windows10-2004-x64

Sharing

General

Target

2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118
Size

63KB
Sample

240707-26nlbs1cnm
MD5

2a1e6d3c166092b771a71d51fbae5e66
SHA1

8f62cbb7ae199ff3cb96e8c062709802f2451503
SHA256

cff488bb00e4776b0f8501834fc44ad2df23d66f9dfc70c575ff0355b218234d
SHA512

08cdac0d92f96f0e6211fcf732d261717b2b7455aa41e0ccfc6860092051dd9e88ec18d750791e8776d1791e28a09f4c9532a47164a19d7d5671ad16feae884b
SSDEEP

1536:7EycZiA+/WEoHEP515yVq0cVT83lnLR4RVveOMkSGrkh+oDg31J2wYwP:7mZihjokx15ar5VmvWkSGrK+oDUYC

Score

10^/10

xtremerat persistence rat spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat persistence rat spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2a1e6d3c166092b771a71d51fbae5e66_JaffaCakes118
- Size
  
  63KB
- MD5
  
  2a1e6d3c166092b771a71d51fbae5e66
- SHA1
  
  8f62cbb7ae199ff3cb96e8c062709802f2451503
- SHA256
  
  cff488bb00e4776b0f8501834fc44ad2df23d66f9dfc70c575ff0355b218234d
- SHA512
  
  08cdac0d92f96f0e6211fcf732d261717b2b7455aa41e0ccfc6860092051dd9e88ec18d750791e8776d1791e28a09f4c9532a47164a19d7d5671ad16feae884b
- SSDEEP
  
  1536:7EycZiA+/WEoHEP515yVq0cVT83lnLR4RVveOMkSGrkh+oDg31J2wYwP:7mZihjokx15ar5VmvWkSGrK+oDUYC
Score

10^/10

xtremerat persistence rat spyware
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspyware

behavioral2

xtremeratpersistenceratspyware

© 2018-2024

Terms | Privacy