xtremerat | 501a7697cdc63f3bd97ba363f8de7d2ee35f3b87102a9bb680acf176933607c4 | Triage

Sharing

General

Target

501a7697cdc63f3bd97ba363f8de7d2ee35f3b87102a9bb680acf176933607c4
Size

45KB
MD5

f7f8b283d7a59f4c2f2890c0451c18a7
SHA1

438cc1dffecfbab676973413fd00cd856f6c061a
SHA256

501a7697cdc63f3bd97ba363f8de7d2ee35f3b87102a9bb680acf176933607c4
SHA512

1a0b62db8447b04bea4557b44521a2a8e6e407b20cf97236a5a8c50aa0cdf480a7ac65070e8b8471fa5127a2abaa45ed1b906d07bf5d33b33a280a444f0510f6
SSDEEP

768:9Bs+tjFY90iY6W1jwmDzKgEFQXaklMIL6H8hwfOgw08Azo5J:jnRh31jxPEFQXakgH84blo5J

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

501a7697cdc63f3bd97ba363f8de7d2ee35f3b87102a9bb680acf176933607c4
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ