xtremerat | 2e9fce116afd817d09c721fd131134979a802945f759bb514c626cf2ed1c3e2c | Triage

Sharing

General

Target

2e9fce116afd817d09c721fd131134979a802945f759bb514c626cf2ed1c3e2c
Size

44KB
MD5

06f4c83bf76646eb6647e24460313d00
SHA1

c67c7e1d7ff08e97b81712bf6f0ad33174da3a83
SHA256

2e9fce116afd817d09c721fd131134979a802945f759bb514c626cf2ed1c3e2c
SHA512

a99022b3429c2a568fbe8c93ec35df1f352d9e8477299a434fd1a14ca108d4e18c1a95b57aaf9c15502b2ea3a2d6a1c5888610902a783c7c583d3e339e13ae49
SSDEEP

768:rBr+tjFqTPkAl5ztB1lr6an3smTA8uvm2DfOTwYPI2zo+d:FyRUHlBL1lr6an3TLuvm2buQqo+d

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Files

2e9fce116afd817d09c721fd131134979a802945f759bb514c626cf2ed1c3e2c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ