xtremerat | fdbdb2519c54bbcbc97e3fdb8e4f2424_JaffaCakes118 | Triage

Sharing

General

Target

fdbdb2519c54bbcbc97e3fdb8e4f2424_JaffaCakes118
Size

131KB
MD5

fdbdb2519c54bbcbc97e3fdb8e4f2424
SHA1

ec53fdb37ce15a6584e22d5fa220d42491f56860
SHA256

8dda55117f705b4ee04b8baa4ffb272edd075bc7fa233b042892465958f156b0
SHA512

aaf0d440ccd85e212480e90262a7e064eca56d983e0b9d33be98222a6d8fa4f2d84061e80317f269ce8f63fa074ebb3788d0049fe1c380ad8de044425e689410
SSDEEP

1536:Tsq+QV4rObAdXWpf/y+YaAG4Rd6t3WcQ6G4Rd6t3WcQY:e44rj/laGRd6p2sRd6p2Y

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdbdb2519c54bbcbc97e3fdb8e4f2424_JaffaCakes118

Files

fdbdb2519c54bbcbc97e3fdb8e4f2424_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ