Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 8.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 19.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 16.2.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 16.2.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 0.3.7FW4ce2RDy.exe.7a1784.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.7FW4ce2RDy.exe.7a1784.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 19.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 20.0.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 20.0.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.0.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.0.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 16.0.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 16.0.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 20.2.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 20.2.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 8.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000014.00000002.373443216.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000014.00000002.373443216.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000010.00000002.338283544.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000010.00000002.338283544.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.296483936.0000000010056000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000000.00000000.291223895.0000000010056000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000008.00000000.299745785.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000000.299745785.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000000.291198500.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000000.291198500.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000008.00000002.557860043.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000002.557860043.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000000.295421440.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000000.295421440.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000003.295553833.00000000007A2000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.295553833.00000000007A2000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000013.00000000.343912996.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000000.343912996.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000010.00000000.326269986.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000010.00000000.326269986.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000001.00000002.304153426.0000000010048000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000000.00000002.296449823.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.296449823.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000014.00000000.361347637.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000014.00000000.361347637.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.300093433.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.300093433.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000003.295774602.000000000079A000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.295774602.000000000079A000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.296472928.0000000010048000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000001.00000000.293164908.0000000010048000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Xtreme RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects XTREME sample analyzed in September 2017 Author: Florian Roth |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000000.00000000.291215045.0000000010048000.00000080.00020000.sdmp, type: MEMORY | Matched rule: Xtrem RAT v3.5 Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000013.00000002.355829815.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000002.355829815.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe, type: DROPPED | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Windows\SysWOW64\562Server.exe, type: DROPPED | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Windows\SysWOW64\562Server.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Local\Temp\System.exe, type: DROPPED | Matched rule: Detects njRAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Local\Temp\System.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7FW4ce2RDy.exe, type: SAMPLE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 8.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 8.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 19.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 19.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 16.2.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 16.2.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 0.3.7FW4ce2RDy.exe.7a1784.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 0.3.7FW4ce2RDy.exe.7a1784.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 19.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 19.2.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 20.0.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 20.0.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.0.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 4.0.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 16.0.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 16.0.System.exe.d50000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 20.2.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 20.2.System.exe.240000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 4.2.562Server.exe.1d0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 8.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 8.0.System.exe.3e0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.svchost.exe.10000000.0.raw.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.7FW4ce2RDy.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000014.00000002.373443216.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000014.00000002.373443216.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000010.00000002.338283544.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000010.00000002.338283544.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.296483936.0000000010056000.00000008.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000000.00000000.291223895.0000000010056000.00000008.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000008.00000000.299745785.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000008.00000000.299745785.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000000.291198500.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 00000000.00000000.291198500.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000008.00000002.557860043.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000008.00000002.557860043.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000000.295421440.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000004.00000000.295421440.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000003.295553833.00000000007A2000.00000004.00000001.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000000.00000003.295553833.00000000007A2000.00000004.00000001.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000013.00000000.343912996.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000013.00000000.343912996.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000010.00000000.326269986.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000010.00000000.326269986.0000000000D52000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000001.00000002.304153426.0000000010048000.00000040.00000001.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000000.00000002.296449823.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 00000000.00000002.296449823.0000000010001000.00000080.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000014.00000000.361347637.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000014.00000000.361347637.0000000000242000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.300093433.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000004.00000002.300093433.00000000001D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000003.295774602.000000000079A000.00000004.00000001.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000000.00000003.295774602.000000000079A000.00000004.00000001.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.296472928.0000000010048000.00000080.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000001.00000000.293164908.0000000010048000.00000040.00000001.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.304130740.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: RAT_Xtreme date = 01.04.2014, filetype = exe, ver = 2.9, 3.1, 3.2, 3.5, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects Xtreme RAT, reference = http://malwareconfig.com/stats/Xtreme |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Xtreme_Sep17_1 date = 2017-09-27, hash1 = 93c89044e8850721d39e935acd3fb693de154b7580d62ed460256cabb75599a6, author = Florian Roth, description = Detects XTREME sample analyzed in September 2017, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000000.293137876.0000000010000000.00000040.00000001.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000000.00000000.291215045.0000000010048000.00000080.00020000.sdmp, type: MEMORY | Matched rule: xtremrat date = 2012-07-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = Xtrem RAT v3.5, version = 1.0 |
Source: 00000013.00000002.355829815.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: 00000013.00000002.355829815.00000000003E2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe, type: DROPPED | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: C:\Windows\SysWOW64\562Server.exe, type: DROPPED | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: C:\Windows\SysWOW64\562Server.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Local\Temp\System.exe, type: DROPPED | Matched rule: RAT_njRat date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects njRAT, reference = http://malwareconfig.com/stats/njRat |
Source: C:\Users\user\AppData\Local\Temp\System.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |