xtremerat | c76b9fde141e3fb3f756fc28dcc9dc74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c76b9fde141e3fb3f756fc28dcc9dc74_JaffaCakes118
Size

65KB
MD5

c76b9fde141e3fb3f756fc28dcc9dc74
SHA1

494e6207660bc57a6a2f90641f91df728d7f32dd
SHA256

f2c4fe10a16568896616233c30c8d571618077d62fea257e785533a77a2a78b1
SHA512

71452c3d4995dc5d8665e5b8b985983557ed1fc6a509d6d5160e6a623fd6af24b53976eb16a79f3f22af0929465b34edb7f1280de1513560b99bcdb0f46cf5bb
SSDEEP

768:o8m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uWl9Ifnc6/yyR+P2ujfGiZKPA+7Xon:qsq+QV4rObAdXWcffy+7ozNwidoYqy

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c76b9fde141e3fb3f756fc28dcc9dc74_JaffaCakes118

Files

c76b9fde141e3fb3f756fc28dcc9dc74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r c
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ