xtremerat | ec821cc8849cc2048ef1ebece9beed93_JaffaCakes118 | Triage

Sharing

General

Target

ec821cc8849cc2048ef1ebece9beed93_JaffaCakes118
Size

614KB
MD5

ec821cc8849cc2048ef1ebece9beed93
SHA1

f4fdd00d5633ff74f96c026ac7f70108ced797c3
SHA256

25d3cf40606d6ae25bacc67043eafce757cc3ea4f03265ba424764ba7bd1e02c
SHA512

f7515701507eabc30523ae454578340a0ba8008ef4908d188e4e50e06a81143eb9448aa6e3bd66f433f24fc6c4b40ddcc5b4afa80a55a66906b7d85975b7e443
SSDEEP

12288:QEa/SrIP7l+0IusoHS5VweemGmWHZWZ7VcHOeqi7xAZKJJhDl7QdF1igXg:QEa/6YIuso0Vhm1HsZ7aHDqWKKJJ7WXw

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_xtremerat
Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ec821cc8849cc2048ef1ebece9beed93_JaffaCakes118

Files

ec821cc8849cc2048ef1ebece9beed93_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ