General
-
Target
rat.exe
-
Size
63KB
-
MD5
a55f86168b9d6c78d6372b92c9476437
-
SHA1
4f2aa3324131607300ae9f9408a265551afad257
-
SHA256
fd66d10fb5e717f1f1c46eb374689afe3ed645703163a3d2af8fc7ed0c08aa4f
-
SHA512
4ea75ced59d20ed0049f0f44969bb421e0081adc5e643385b831ab5fee4086af0243601c20067b374f101f88b13850489a539ee386017e6501811a182c5ee4ac
-
SSDEEP
1536:gh3HaMmkefuYjsDAiENQVseNbIB27NJXx:k3GNjsD8YNOuvh
Malware Config
Extracted
eaglerat
127.0.0.1:9875
127.0.0.1:7788
172.26.48.1:9875
Signatures
-
Eaglerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource rat.exe
Files
-
rat.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ