Behavioral task
behavioral1
Sample
4b5c477548b00f070d109ce709ac5d58794f7f2c2e6ef20fc4ff1535b1544735.exe
Resource
win7-20240903-en
General
Target: 4b5c477548b00f070d109ce709ac5d58794f7f2c2e6ef20fc4ff1535b1544735
Size: 152KB
MD5: f7b7c4aa385de5de125d8f2769021b52
SHA1: a097b2700a958892681f490bf152fa81db7c9643
SHA256: 4b5c477548b00f070d109ce709ac5d58794f7f2c2e6ef20fc4ff1535b1544735
SHA512: 8fae482d74d3372b9a918607a3e4a5a391dfdc6697e8ba9c914e26f473c7f4d85e0fd040d82ce9ca80ba3bd6cb6eea0e946cfb903776cb1b06445e47568c193a
SSDEEP: 768:IZfuHUkE9hghdN12Ozhiow2Gkm6+c3/HOzoqZOp69HFd2Vs8IO:IBzku+zMOlw2GkmS36o3+l4
Malware Config
Signatures
Detect XtremeRAT payload (1 IoCs)
resource yara_rule sample family_xtremerat
Xtremerat family
resource yara_rule sample upx
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 4b5c477548b00f070d109ce709ac5d58794f7f2c2e6ef20fc4ff1535b1544735
Files
4b5c477548b00f070d109ce709ac5d58794f7f2c2e6ef20fc4ff1535b1544735.exe windows:4 windows x86 arch:x86
2043b2d5739b8130f603669f6c5b5944
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtectEx
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
TerminateThread
TerminateProcess
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetFilePointer
SetFileAttributesW
SetErrorMode
SetEndOfFile
ResumeThread
ReadProcessMemory
ReadFile
OpenProcess
LockResource
LoadResource
LoadLibraryA
GlobalUnlock
GlobalSize
GlobalLock
GetWindowsDirectoryW
GetTimeFormatW
GetThreadContext
GetTempPathW
GetSystemDirectoryW
GetModuleHandleA
GetModuleFileNameW
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesW
GetDateFormatW
GetCurrentProcessId
GetCommandLineW
FreeResource
FindResourceW
FindFirstFileW
ExitProcess
DeleteFileW
CreateThread
CreateRemoteThread
CreateProcessW
CreateMutexW
CreateFileW
CreateDirectoryW
CopyFileW
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
advapi32
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
ntdll
NtUnmapViewOfSection
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
psapi
GetModuleFileNameExW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
FindExecutableW
ShellExecuteW
ShellExecuteW
shlwapi
SHDeleteKeyW
urlmon
URLDownloadToFileW
user32
UnhookWindowsHookEx
TranslateMessage
ShowWindow
SetWindowsHookExW
SetClipboardViewer
SendMessageA
RegisterWindowMessageW
RegisterClassW
PostMessageA
PeekMessageA
OpenClipboard
MessageBoxW
MapVirtualKeyW
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetKeyboardLayout
GetKeyState
GetForegroundWindow
GetDesktopWindow
GetClipboardData
DispatchMessageA
DefWindowProcA
CloseClipboard
CharUpperW
CharNextW
CharLowerW
CallNextHookEx
CreateWindowExW
ToUnicodeEx
GetKeyboardState
wininet
InternetCloseHandle
FtpPutFileW
FtpSetCurrentDirectoryW
InternetOpenW
InternetConnectW
DeleteUrlCacheEntryW
Sections
UPX0 Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE