xtremerat | JaffaCakes118_7b4d6d7666477d66a260932a6964f76e | Triage

Sharing

General

Target

JaffaCakes118_7b4d6d7666477d66a260932a6964f76e
Size

62KB
MD5

7b4d6d7666477d66a260932a6964f76e
SHA1

177f985429b8f815ca27c3ea9a32ed3dd68a8c07
SHA256

9711ff75820fcc60df1010ed625bc2d08ce563b8dce01a3f9c38323107bfbc27
SHA512

f906f52791ccc88c920fb75a55c8e5e44a5338b0bde140978c3c0e80d45be2ef1de72ae207761759d15a913cdd890133d1896ec63eb2b8f7d2be8eda392524b5
SSDEEP

1536:B8qDqQMKQFKOt/jbNMPZ6tYe/HWMloNX33:VqcqKC/Ue/HWS0

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

resource	yara_rule
sample	family_xtremerat

Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7b4d6d7666477d66a260932a6964f76e

Files

JaffaCakes118_7b4d6d7666477d66a260932a6964f76e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 203KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ