xtremerat | 89d2a51b87f8f8d0df3cb6af9b022a9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89d2a51b87f8f8d0df3cb6af9b022a9a
Size

65KB
MD5

89d2a51b87f8f8d0df3cb6af9b022a9a
SHA1

39f9f3b34f61b80c9e8e6d967397b6acc9ce9b61
SHA256

a5ab3c391548b6ee57853dcee8c01fbbb7a19755a83bf3ec95f94cea85ee60b5
SHA512

52583a2c3e689ad3eaf6f2cd07a1ba14d35ddde79cd2dc114665b191adfe7022cc326e28075147f55338b3f431f766e3bbb4c2d335953f8188ddb27535e5ca71
SSDEEP

768:T8m1Sq4NQErBNH1tzoisBKQI6dObAG/dq8uW29Ifnch/yyR+P2ujfpihKPAB7Xod:rsq+Qi4rObAdXWpfgyBjoKNwiVo6aO

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89d2a51b87f8f8d0df3cb6af9b022a9a

Files

89d2a51b87f8f8d0df3cb6af9b022a9a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ