xtremerat | ee2865688c35a9f8809b9c06f3b86ef2_JaffaCakes118 | Triage

Sharing

General

Target

ee2865688c35a9f8809b9c06f3b86ef2_JaffaCakes118
Size

65KB
MD5

ee2865688c35a9f8809b9c06f3b86ef2
SHA1

6c203a4cbb7b8e5027cbf449e5348db302f6d1d2
SHA256

a2ade97ee2e86f17b32e46ee5a9f990419ff66578482e733913375fc2d738a83
SHA512

5bc7c598af548a59c09eabeaa125ea240403ded4ed83750458960a9816c17866969ed07b1d26618be079e1c0c21a74eec38a2509eb8cd174a71c806f67534988
SSDEEP

768:I3m1Sq4NQNLBGH1vcz0wDeeQuMVTyN8ihHo37Vmd6AeXVtWAW7A+7yoNw4/Kcw:Xsq+QI6ZQuIyJh0mgA+FW0gNw1

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_xtremerat
Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ee2865688c35a9f8809b9c06f3b86ef2_JaffaCakes118

Files

ee2865688c35a9f8809b9c06f3b86ef2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

code
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

B
Size: - Virtual size: 203KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ