xtremerat | bb2ed8ad4d5b0eb52807c799bc6d039019b19e4bfb6cd19ef25d2b9376ebbd94 | Triage

Sharing

General

Target

bb2ed8ad4d5b0eb52807c799bc6d039019b19e4bfb6cd19ef25d2b9376ebbd94
Size

65KB
MD5

679f94c705da408f11d00a51a6f84c60
SHA1

4440028b59f6b8a1b480b0fe4efa0f48774c2956
SHA256

bb2ed8ad4d5b0eb52807c799bc6d039019b19e4bfb6cd19ef25d2b9376ebbd94
SHA512

ee2c4203099c9de3bb2faeef17d666cd14e58cdaf79004a1ec143bf0536960a907e32a9bcff5097dcc3a0302fca093462b7b72a05fc8d0e84c9436ff296ac140
SSDEEP

768:e8m1Sq4NQErBsH1tzoisBKQI6dObAG/dqOXHsoAx5JXrUqLOY0pYKnA+7PoNw+zD:ssq+QV4rObAdNoAf5UqiYmlArNwCoY

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

bb2ed8ad4d5b0eb52807c799bc6d039019b19e4bfb6cd19ef25d2b9376ebbd94
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ