xtremerat | fc053ada5723297ca0ce1be6c0c2b92fd88142b3e0129b960324f3181d3d1222N | Triage

Sharing

General

Target

fc053ada5723297ca0ce1be6c0c2b92fd88142b3e0129b960324f3181d3d1222N
Size

2.2MB
MD5

5ddbadc6f921bba27a37344cb4592630
SHA1

ccb97f90cdad3d4b114b294a3d0b46912b131b1a
SHA256

fc053ada5723297ca0ce1be6c0c2b92fd88142b3e0129b960324f3181d3d1222
SHA512

5e74c48f4d6ba1f88f9bc4cca7370e537fe593b95acbb37f5c6a112d96b1f1f76d8a7c24595ccbb00f6525a9e897d14faab4b72f0a76b3d8a2261aacffcdc761
SSDEEP

49152:jhbmmP3okl2d47ZDmNpgkWMzvKi5TJfszSNG1f16IAE9ZqxAv6:ZmmvoN6GgkWUv15TVsONG1f1lXJv6

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc053ada5723297ca0ce1be6c0c2b92fd88142b3e0129b960324f3181d3d1222N

Files

fc053ada5723297ca0ce1be6c0c2b92fd88142b3e0129b960324f3181d3d1222N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ