Behavioral task
behavioral1
Sample
38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748.exe
Resource
win10v2004-20230703-en
General
-
Target
38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748
-
Size
115KB
-
MD5
afd5d29bfcddb00b11a869fd2016282d
-
SHA1
0de3328c8a0dce66d17765665b29662de75e5d15
-
SHA256
38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748
-
SHA512
ce3aaf59162768087bbb34de0767c74ee05e8f13a19559c49896f5249d36900ee14270ade74964c8cd3d8b6bcf684002cf3bddc8d14856907d2b2b2d0026f133
-
SSDEEP
3072:MJZKnPE2YyJzELtyThyYeY8lNgoiJ+sX8HFvytb3Nu:MJZKBI0hyYeY4eoiJ+sCFvC
Malware Config
Signatures
-
Vanilla Rat payload 1 IoCs
Processes:
resource yara_rule sample vanillarat -
Vanillarat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748
Files
-
38194b42cc180ab72aed1256447bec9b8b65910241e5a2b97ac29b0c12d95748.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ