predatorstealer | bghKnCQqX[.]exe | Triage

Sharing

General

Target

bghKnCQqX.exe
Size

536KB
MD5

862ab6b0e8dffbc12eeda9a35e87d7a3
SHA1

e4b43bf4074ad794ca1c2fe3da1a074a78fa6d0c
SHA256

484eb8232a4ec3d75edc1de58a87deac07367d7c51bc64152f746698a73915cd
SHA512

61b5fd38349638245ddd71143b3771ff3bc74764b3a5c7d85c6da01366c20f9f1584188529af7cae414c718453671d2042ff30165b1ebfdc41d60ed67a2d0ee7
SSDEEP

6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJU6:OPw2PjCLe3a6Q70zbYow606

Score

10^/10

predatorstealer

Malware Config

Extracted

Family

predatorstealer

C2

http://53d5-66-154-102-195.ngrok-free.app/3g86/panel/panel/panel/Panel/

Signatures

Predatorstealer family
predatorstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bghKnCQqX.exe

Files

bghKnCQqX.exe
.exe windows:4 windows x86 arch:x86

Password: sh2004sh

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyWork\برمجة\gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ