xtremerat | 60b151f81317e4ac6d9a6305fca00431_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

60b151f81317e4ac6d9a6305fca00431_JaffaCakes118
Size

65KB
MD5

60b151f81317e4ac6d9a6305fca00431
SHA1

91cf03689e1e154ab754b85562be6865bd62a017
SHA256

c6b971216902c90914bc87af081e673a4310aeef95953f3c7a8b0a1d4806653f
SHA512

2ed1790e3c7a935bc5679225f94c21fdc4c04bd5a40e43898797905a1e5308342973fd56492212930e2af413165c5f7750d211f8f2fa9a666ac4a61fc12368d2
SSDEEP

768:98m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnca/yyR+P2ujfGiZKPA+7XoU:5sq+QV4rObAdXWpf/y+7ozNwixo

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b151f81317e4ac6d9a6305fca00431_JaffaCakes118

Files

60b151f81317e4ac6d9a6305fca00431_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 116KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ