xtremerat | c87d2b3649d4ef6f182aa92c051446fb8513f5a62c9647c191904dd932e51e1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c87d2b3649d4ef6f182aa92c051446fb8513f5a62c9647c191904dd932e51e1d
Size

72KB
MD5

57a008f7c7450246140a6a84493d2130
SHA1

517253973d0cc21931d6cae099f9d09931d3e4eb
SHA256

c87d2b3649d4ef6f182aa92c051446fb8513f5a62c9647c191904dd932e51e1d
SHA512

bb1d31386073bdfa8d43c158a60de0f5b50db9d15c019c1ba1147533fcce812660d23db8cdd58856321d1f3736d1630c8eddf60e7aa26884ed0f35aa1c7eee53
SSDEEP

1536:gqHoGERyRh31jxPEFQXak+H84b7oeO5o:gMvoyRhFjcPoto

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

c87d2b3649d4ef6f182aa92c051446fb8513f5a62c9647c191904dd932e51e1d
.exe windows x86

6883d78394a9c093f56be4f28f931334

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFilePointer
VirtualAlloc
VirtualFree
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
ReadProcessMemory
GetThreadContext
CreateProcessA
GetModuleFileNameA
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
HeapFree
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetLastError
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE