xtremerat | f19ffa724204a0e8e2df1ca880c30415b2d324faa4cf99c751e3c68cedcdf34d | Triage

Sharing

General

Target

f19ffa724204a0e8e2df1ca880c30415b2d324faa4cf99c751e3c68cedcdf34d
Size

67KB
MD5

44a00429e87ab647f3ed8855bd958a77
SHA1

2314a487f97b46e80b03cadbaa547ed056ab7898
SHA256

f19ffa724204a0e8e2df1ca880c30415b2d324faa4cf99c751e3c68cedcdf34d
SHA512

8deb4555095e4a0c168d30be418a178820893a25915f516a1e12ee8ea4a04968e3379bb83527c111278cf95018e0031db73e347e876e56f3ae91a1d9b1dafcb3
SSDEEP

768:49m1Sq4NQErBsH1tzoisBKQI6dObAG/dqbuW29Ifnc6/yyR+P2ujfiipK9A+7Xo/:lsq+QV4rObAdiWpffyarmzNwiGo883

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

f19ffa724204a0e8e2df1ca880c30415b2d324faa4cf99c751e3c68cedcdf34d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ