eaglerat | SinfulFN[.]exe | Triage

Sharing

General

Target

SinfulFN.exe
Size

63KB
MD5

687b30f51a10758ff2ee7da39b520e1a
SHA1

9a8b7e44a4b746194d29f43caf22a9025a668d00
SHA256

5001062488d582690e03075175558c5e361647f2ec2d29eb40487188325a7e9b
SHA512

ed15b3472ceededbfe1df4d6bc21e43ed7814b9eeb90386ba726e44cf69d871678a3d407a6926e24eda968ea6d8850a51234db97a336f32cec07505589b218ad
SSDEEP

1536:rh3HaMmkefuYjsDAiENQVseNbIB2CeFV:13GNjsD8YNOIb

Score

10^/10

eaglerat

Malware Config

Extracted

Family

eaglerat

C2

127.0.0.1:9875

127.0.0.1:7788

Signatures

Eaglerat family
eaglerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SinfulFN.exe

Files

SinfulFN.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ