xtremerat | 7392f3fe4396ba50743e77fd33b6a1a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7392f3fe4396ba50743e77fd33b6a1a2_JaffaCakes118
Size

65KB
MD5

7392f3fe4396ba50743e77fd33b6a1a2
SHA1

e6f65962b8465fb1603990437fbb990e8375f44a
SHA256

26195596f1237c87902a08eb2ba3f0ddf92d65a5d116e27a6f1df99f983c56d5
SHA512

8b29734bd901dbfb5a86cb79aadb26239c1f3e7b15a318fd71fbb5e9ba909869cd30db2bc96c71a13c83ac00a1f3865c63557c6851397b51a00bc9e96f25ddb2
SSDEEP

1536:xyRh31jxPEFQX6k+H84bsej6mQSej6mQIoKuQ:xyRhFj8IHSHIoM

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7392f3fe4396ba50743e77fd33b6a1a2_JaffaCakes118

Files

7392f3fe4396ba50743e77fd33b6a1a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ