xtremerat | JaffaCakes118_4d1fc20b4f47844fb666cc8b17b00009 | Triage

Sharing

General

Target

JaffaCakes118_4d1fc20b4f47844fb666cc8b17b00009
Size

158KB
MD5

4d1fc20b4f47844fb666cc8b17b00009
SHA1

239d33318f3496564b10b1ba5b8374e2a3082349
SHA256

27ea0032ff6a32ae9a996d6bf0ffb7af8c12c15bac610daf24f1896b6dc1d220
SHA512

0577387cbfc09557d7ddb0fae20684f3a26f67125afe7edb79d677b8efe027ad48393453cfb18ab6b639071464f0d97c29d60a3b52e1b301fd2a3685a382160c
SSDEEP

1536:9sq+QV4rObAdXWpfKyocz97qjh3rmKPNIoT:k44rjkzzojZqMNIoT

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4d1fc20b4f47844fb666cc8b17b00009

Files

JaffaCakes118_4d1fc20b4f47844fb666cc8b17b00009
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 208KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ