xtremerat | 5c8c36db969c3b1e32cbfee86d351e66_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c8c36db969c3b1e32cbfee86d351e66_JaffaCakes118
Size

76KB
MD5

5c8c36db969c3b1e32cbfee86d351e66
SHA1

37dbda88d08d3d7dc889c579039ac61a7a418d4f
SHA256

a356e1e1e6ed4c29afd353888a7818e8435287b461b42adb1a95ef610483acab
SHA512

eb46fc8e3676541c23611d4321472f4f84d56d966777391d233301ae2325c8e914c84cef0b38b9831e477049817de3592971eb42786502f59011cb9bbc937087
SSDEEP

768:4hH64hoddnbf9p3hNKG+QiKG+wNE9hghdN12Ozhiow2Gkm6+c3/pBzNBwIldazo:ooL9p35+l+eu+zMOlw2GkmS3/BldWo

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8c36db969c3b1e32cbfee86d351e66_JaffaCakes118

Files

5c8c36db969c3b1e32cbfee86d351e66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

77c6ea429462573b1528d6f2087ce24e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
lstrcmpiW
GetSystemPowerStatus
GetSystemTime
lstrcatW
WideCharToMultiByte
lstrcpynW
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
lstrlenA
lstrcpyW
MultiByteToWideChar

user32

GetFocus
CopyRect
SystemParametersInfoA
SetRectEmpty
GetSysColor
GetKeyboardState
SetRect
SetFocus
IntersectRect

gdi32

GetRgnBox
CreateRectRgn

msvcrt

strlen
_controlfp
__set_app_type
__p__fmode
__p__commode
malloc
memset
_adjust_fdiv
realloc
memcpy
fclose
fwrite
_wfopen
memmove
memcmp
_except_handler3
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ