Communication between the C2 and hosts is encoded and sometimes compressed. Xtreme RAT uses a reverse-connecting architecture: the C2 acts as the client while the infected hosts act as servers.

Where 127.0.0.1 is the IP address of the Xtreme RAT C2.

Server-Client Communication

Note that the Xtreme RAT C2 software runs on Windows OS.

Additional files can be added manually within the code. By default, this code attempts to download three files that are common among Xtreme RAT instances: "", "senha.txt", and "Settings.ini". It only successfully downloads files with an absolute path. This is currently written in Python 2.7 and will be updated to 3.0 soon. It mimics an infected host phoning home to an Xtreme RAT C2 server and attempts to authenticate itself and download specified files.