xtremerat | a42e3cab17999bcf569f14a234d2507587b035c53759cb3a2ccb313571a3f855 | Triage

Sharing

General

Target

a42e3cab17999bcf569f14a234d2507587b035c53759cb3a2ccb313571a3f855
Size

66KB
MD5

82d231762e54f8d742dd8cecdb66babb
SHA1

a31b7f96dd90bb375ae0e32ce3705a52de98e328
SHA256

a42e3cab17999bcf569f14a234d2507587b035c53759cb3a2ccb313571a3f855
SHA512

38d2b3b9ed1de96d0c08aaafda9db8b07adec40e744f66516636fbd77345669c961d4a87ddae7585c0766bebf56a7a17d428929e63d5d78efcd503fa53185301
SSDEEP

768:G9m1Sq4NQrr2sH1U8z05DeeQuMVTyN8ipHo37Vmd6AtXVtWA3bAk7voNwKSiWIkZ:jsq+Q5aZQuIyJp0mgAhF3UtNw1I

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

a42e3cab17999bcf569f14a234d2507587b035c53759cb3a2ccb313571a3f855
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 203KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ