predatorstealer | server[.]exe | Triage

Sharing

General

Target

server.exe
Size

550KB
MD5

6cb512426a10237538b506679437b187
SHA1

281a423f138f9793ecaa9485457c2c01f35e8955
SHA256

ce1d57e8980fbdc500dc1baa64d4fcf2e3bc30a61c11ccad452cbc8bbe1f49fd
SHA512

ccfcb46cac5fcec1574310325cfe7d19661e30dd7f2638196e7ad21eadfd7d98f1a38bc65c44dcc52d322828a4243802394136f0eeea52cf1c39f81851a90cb4
SSDEEP

6144:s+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWYhJ6usHJdJUQ:XPw2PjCLe3a6Q70zbpJOHiQ

Score

10^/10

predatorstealer

Malware Config

Extracted

Family

predatorstealer

C2

http://unseamed-semaphore.000webhostapp.com/Panel/

Signatures

Predatorstealer family
predatorstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
server.exe

Files

server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyWork\برمجة\gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ