xtremerat | 7c4ea05609f368f1e50ca17df26a2473 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c4ea05609f368f1e50ca17df26a2473
Size

65KB
MD5

7c4ea05609f368f1e50ca17df26a2473
SHA1

1e7c181034f1244f75a234be31c9495012629215
SHA256

64b6494b1dcf38d8b5b7d38b4eb1b5b1d5fa18c32067d0bd41bebe25c982bf6a
SHA512

17f30837dff2e07b9a211ea0a73db53fcbb6975109a04f87bc33ded577d542bd6770bbe6825332f42111f5ea3931c1492748fd290b617a2298d993e8db0d31fe
SSDEEP

1536:esq+QD4rObAdNoAf5UqiYmlArNwWAokAc:PS4rOR1APAoe

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c4ea05609f368f1e50ca17df26a2473

Files

7c4ea05609f368f1e50ca17df26a2473
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ