xtremerat | 530d0d34083fa22e3bde227609ea5d60a166871bc8b0f64c58b6db279b20e336 | Triage

Submit
Reports

Overview

overview

Static

static

3

2a73118fea...18.exe

windows7-x64

2a73118fea...18.exe

windows10-2004-x64

Sharing

General

Target

2a73118feab14007f1bae786d3f807e1_JaffaCakes118
Size

98KB
Sample

240708-bja4lsvfjm
MD5

2a73118feab14007f1bae786d3f807e1
SHA1

5ac38868c385187b1b52fcc1f703646123f8603a
SHA256

530d0d34083fa22e3bde227609ea5d60a166871bc8b0f64c58b6db279b20e336
SHA512

f44cb7ab4542c0818a7872736d6afbc9afb70b112d934289e9ef3599ef9c9fdeb1875ff64221178956f68b2c9ca4247ac9f04652af62cb92e0505bb16e40316b
SSDEEP

3072:zvhbY9Pvzfd+AZ170oOA1oNA9kH4i2L1ISsngy:pY9Pjd+u1LRiekH471z

Score

10^/10

xtremerat persistence rat spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a73118feab14007f1bae786d3f807e1_JaffaCakes118.exe

Resource

win7-20240704-en

xtremerat persistence rat spyware upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a73118feab14007f1bae786d3f807e1_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xtremerat persistence rat spyware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

moon2009us.linkpc.net

Targets

- Target
  
  2a73118feab14007f1bae786d3f807e1_JaffaCakes118
- Size
  
  98KB
- MD5
  
  2a73118feab14007f1bae786d3f807e1
- SHA1
  
  5ac38868c385187b1b52fcc1f703646123f8603a
- SHA256
  
  530d0d34083fa22e3bde227609ea5d60a166871bc8b0f64c58b6db279b20e336
- SHA512
  
  f44cb7ab4542c0818a7872736d6afbc9afb70b112d934289e9ef3599ef9c9fdeb1875ff64221178956f68b2c9ca4247ac9f04652af62cb92e0505bb16e40316b
- SSDEEP
  
  3072:zvhbY9Pvzfd+AZ170oOA1oNA9kH4i2L1ISsngy:pY9Pjd+u1LRiekH471z
Score

10^/10

xtremerat persistence rat spyware upx
- Detect XtremeRAT payload
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xtremeratpersistenceratspywareupx

behavioral2

xtremeratpersistenceratspywareupx

© 2018-2024

Terms | Privacy