xtremerat | cca595a3cad47d31db8ef4cf0fd25215 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cca595a3cad47d31db8ef4cf0fd25215
Size

283KB
MD5

cca595a3cad47d31db8ef4cf0fd25215
SHA1

af6af8f0839ed8e46135addad7fbd89fed95f1e3
SHA256

97489c826589ceeb0adfd2a83e2e193071cf4f425571a1618d6d7832d7ebf717
SHA512

26e6e07833a84d7415b55b9a38a9312bfe6b0eac720cfb54ec7d9664f36f9225150d28bdd103a408ce87d3fb966aede78c65fcbddf312503d6a2eca3d49910c4
SSDEEP

6144:JcnIylFtj5oMwi6FU5AqVMkSFVtEiicUTCTY28Hx7gX:GT5oMwi6yXriic2rF

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cca595a3cad47d31db8ef4cf0fd25215

Files

cca595a3cad47d31db8ef4cf0fd25215
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ