xtremerat | eedc22e9805d50860ac45ec28e4b7caf_JaffaCakes118 | Triage

Sharing

General

Target

eedc22e9805d50860ac45ec28e4b7caf_JaffaCakes118
Size

44KB
MD5

eedc22e9805d50860ac45ec28e4b7caf
SHA1

0f308c0686b1f3f9e345dcdf24d1274ce603fb4f
SHA256

b8e8a4a2976eba4ec3f8e9feb27ca9f11113f5e0906a9cae811560815fc1f35e
SHA512

502cdac8e81b1ec08481fa879f2341af181c27c66857e54ee30f57806b7e03d17b8b880f29e1df8d8e70b8da7aeddd70be75f9bd0b969cb0783b74e1443e8eae
SSDEEP

768:rBr+tjFlTPkAlfztB1lr6an3sGTruvm2DfOTwYPI+zoJ1L:FyRvHlrL1lr6anXTruvm2buQCozL

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eedc22e9805d50860ac45ec28e4b7caf_JaffaCakes118

Files

eedc22e9805d50860ac45ec28e4b7caf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ