xtremerat | 4826c04db9313ba736ad122f83e41b00a1559a2e6aeb09fce69a58c9b334afdd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4826c04db9313ba736ad122f83e41b00a1559a2e6aeb09fce69a58c9b334afdd
Size

331KB
MD5

6ab2e7e1db48258ac517d30befa29020
SHA1

6d11ce916e6605287056ea3bf342925f6f817261
SHA256

4826c04db9313ba736ad122f83e41b00a1559a2e6aeb09fce69a58c9b334afdd
SHA512

ba4516312aef0d6e08b28ad4b8a325dd461ca81ea01bf324ec3eb6b3f28a65dfda3b26fb94743b39c0617287dca9b62f13333d9c65567504c2e57fb739117143
SSDEEP

6144:yKdEyZFk3kWdv7CYeqGHsAVuHsddNvEIx0oDOkPNNWypET:fzkUkolMAVuH2bM6DDxNXET

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

4826c04db9313ba736ad122f83e41b00a1559a2e6aeb09fce69a58c9b334afdd
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ