xtremerat | 05bd2f94b9cec63575121288f4d2ba9543622cbbb985dd1bb1e014b16ce2d369 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05bd2f94b9cec63575121288f4d2ba9543622cbbb985dd1bb1e014b16ce2d369
Size

6.5MB
MD5

6d533b01e156753aa6738254e287d4df
SHA1

6429f209d56d24c0912b3787dc0e02cafeab182c
SHA256

05bd2f94b9cec63575121288f4d2ba9543622cbbb985dd1bb1e014b16ce2d369
SHA512

906fdc6daa3f75dd7cf6258c632450be0da54b5ed55eb6278542f2fc6ead9ea35f1985587094b6269fcde688e0ce00b3280f5724e4e1c77b6d59d51c913eae25
SSDEEP

3072:eY8QoQAEJ07aH++zBSa8o3qVi0aH++zBSTTRiqd9UBUys+uSOcp7zEMc:Vq/z+qo3Uiu+Wys+uS3lc

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

05bd2f94b9cec63575121288f4d2ba9543622cbbb985dd1bb1e014b16ce2d369
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 203KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ