eaglerat | Client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

64KB
MD5

fc1af6424a78019441a479f149eeaf1f
SHA1

60494e889e74ebf68ef27dae4ac1c868f6504ed3
SHA256

1404532922952b6fce2eb62440a674d518e30c37c8886c54b8d6687559032420
SHA512

be004cc846074a0976c5ccb729ccaaa24f95e107c71f389833e581d6cf7d348b060fdec02e938e481b9b18167d728945c5b20c8abf2899789aaa950d1b6612a2
SSDEEP

1536:ah3HaMmkefuYjsDAiENQVseNbIB2xL2zHQ:q3GNjsD8YNOEWw

Score

10^/10

eaglerat

Malware Config

Extracted

Family

eaglerat

C2

127.0.0.1:9875

127.0.0.1:7788

73.237.146.184:9736

Signatures

Eaglerat family
eaglerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ