xtremerat | 1642421e567928b38b37458d9f25feb0_JaffaCakes118 | Triage

Sharing

General

Target

1642421e567928b38b37458d9f25feb0_JaffaCakes118
Size

45KB
MD5

1642421e567928b38b37458d9f25feb0
SHA1

6d31498897d906774faad71ab1326b342f001a10
SHA256

a73039b543e61e7130c4f182f96e6fbc925b11ec658f87cbcf81fd174967dfad
SHA512

892b4f7a58aff66cfe700d0518da35c5416d4fdb0ddef8a4d065a3203551c19e85a274a0a94addc78e9db7b3052f93d067d05df34bb5e47c4eaf23f9ee5650be
SSDEEP

768:9Br+tjFY90iY6W1jwm3zKgEFQX6klMIAnH8hwfOgw08gzo5J:jyRh31j1PEFQX6k+H84bFo5J

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1642421e567928b38b37458d9f25feb0_JaffaCakes118

Files

1642421e567928b38b37458d9f25feb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ