xtremerat | f4e43606cf1a44487c39b6383c1420fe_JaffaCakes118 | Triage

Sharing

General

Target

f4e43606cf1a44487c39b6383c1420fe_JaffaCakes118
Size

62KB
MD5

f4e43606cf1a44487c39b6383c1420fe
SHA1

3f3b049b1d89ab8095e58bde50416ae07b608a1a
SHA256

dafd09349fd0c6c171d0c895adf7cc415857101bea43fe5461db7519eeffe327
SHA512

7429852274f0bf5ac8b0daccb51cbbf97d15276b9562e7fa670cd6c654f63e1d0b29b2562bd77bf1353ad5c56689f154f7905b17d71b949ef5b10899f1bf5e9e
SSDEEP

1536:pT8qDqQMKgMK3tGjbNwPZ6wIeXHWzl5NX3hB:tqcXKdcXeXHWZH

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_xtremerat
Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f4e43606cf1a44487c39b6383c1420fe_JaffaCakes118

Files

f4e43606cf1a44487c39b6383c1420fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

code
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ASS
Size: - Virtual size: 203KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLS
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RCRS
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ