xtremerat | a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118 | Triage

Sharing

General

Target

a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118
Size

45KB
MD5

a8b06620e9629037953a3a5bc07a0b60
SHA1

08c35cd4abf5e0945182079e24ec190d97225775
SHA256

c01c3e39933ccfedaf1d766903232ada996f71ee79187a2cb420219000c97d21
SHA512

042cfac252c4ceb55b9b7e5fb7f23d5686c4b3aeca68b2b093a3dce78d29f89f66745e685a9cefdb07db1dcf69a2daaa4286af185a2f9cc6040d3cbc5c0b9b50
SSDEEP

768:DBr+tjFKsusi02s2VzfoFTrS75YAU074/uhXtYCpP0zo3rI:tyRQsiNVzwFfS75YAU08mhX5co7I

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_xtremerat
Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118

Files

a8b06620e9629037953a3a5bc07a0b60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ