xtremerat | 3de2d4f6a703de0374ab7dee92ebd4b3806837c585e731d3bb6a6d7b2708a567

General

Target

3de2d4f6a703de0374ab7dee92ebd4b3806837c585e731d3bb6a6d7b2708a567
Size

152KB
MD5

90bb55e9f366631e976dce0e7a2ca6aa
SHA1

60f8e11370f9fb3ecf21aa2e00f745a5c6e013c1
SHA256

3de2d4f6a703de0374ab7dee92ebd4b3806837c585e731d3bb6a6d7b2708a567
SHA512

cb667f6a7e0d881bf52eb61effef8986a0c1c8b65746acc246ae1f4c57ac708b2e05bba1eb17c83f0ce0fbf1d4220c9aeb7c1c7bb9d906b701af666723a9d4b5
SSDEEP

1536:Osq+QV4rObAdXWpf/y+7oyuIcavOdJpx38nfUmBhBifsmlVKQUlcVLOcSYXDt:/44rj/Woo25MnfUmBMsK4Z6VKcf

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

3de2d4f6a703de0374ab7dee92ebd4b3806837c585e731d3bb6a6d7b2708a567
.exe windows x86

c724ed317d928ad5121034031dabec56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
ord632
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xbdwgqj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c724ed317d928ad5121034031dabec56

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 32KB

xbdwgqj Size: - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 32KB

xbdwgqj
Size: - Virtual size: 4KB