xtremerat | 4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d | Triage

Sharing

General

Target

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
Size

585KB
MD5

55c0e0fb391a3ce4caaac1c49ed1ac00
SHA1

868da3a8c72eff600d54be3babe3721489a85500
SHA256

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
SHA512

60a5a4f182a5e0dab19709276746465ae277822b990e95121cbb170d2c4e29a6d71457a4817f88d7f10aa464d2974cbdb4b7eeffe60b9e44d02bf0b30f608df1
SSDEEP

12288:Za7XtTWupXNT35AcFqTCC5ktTWupXNT35AcFqTCC5I:ZEhZpXJ3SGqTCCuhZpXJ3SGqTCCm

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

4c0c9f8c773d5cc77601fe14009e05ebc723e95f586519d0e4fdae5f35fa525d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ