comrat | 730108223c935c107f95c76c2660e419fd0c6ccecdd82c8e2877508ca9b32875 | Triage

Sharing

General

Target

730108223c935c107f95c76c2660e419fd0c6ccecdd82c8e2877508ca9b32875
Size

1.7MB
MD5

bac9ad5d2966935ef34a42e7309ecdc5
SHA1

f870028fe3aab1a9429d66b13535e450653e888c
SHA256

730108223c935c107f95c76c2660e419fd0c6ccecdd82c8e2877508ca9b32875
SHA512

7cae60bc17249ebb1ba9f3e8d066e132b8f643e9d87fe2b0ea1a7af676825f9c8ee139bfddbd9b954776d93496976258cab7389eec5534e30442754703d0f33a
SSDEEP

49152:ptb9JIdmNgW8Du4CuK5PN8NnpURzezUJWJEy+yDgrPh:BUDsSNnkasS/xDqh

Score

10^/10

comrat

Malware Config

Signatures

ComRAT v4 (Orchestrator DLL) 1 IoCs

File contains strings specific to ComRAT v4 samples first seen in 2017.

resource	yara_rule
sample	ComRAT

Comrat family
comrat

Files

730108223c935c107f95c76c2660e419fd0c6ccecdd82c8e2877508ca9b32875
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 805KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 370KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ