xtremerat | b3d6ef674232af2e47181bacc8a87c8f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3d6ef674232af2e47181bacc8a87c8f_JaffaCakes118
Size

88KB
MD5

b3d6ef674232af2e47181bacc8a87c8f
SHA1

9e3b5029734d0512913dea64b4d4009a1922fb12
SHA256

8f5176b11518d6740417c443a422be9d5a14d1425d9b1f2ab3ac4e41490c3c4d
SHA512

556ad2bfba2425bcc69429220dc19722a2521e09ca03c13d40c32ccca6cb6f401c659c42ab209ca76a7581a41ae3abc4955e56e8adade549b880fa61c14f40ae
SSDEEP

1536:/gsq+QV4rObAdNoAf5UqiYmlArNwsloxwja:d44rOR1Atloxp

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d6ef674232af2e47181bacc8a87c8f_JaffaCakes118

Files

b3d6ef674232af2e47181bacc8a87c8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b8d3b5ee49bebc3455bc9565fdb7011

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ