SSH R[.]A[.]T[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SSH R.A.T.exe
Size

825KB
MD5

f755c4a599cd773b2281ef246e7f40a9
SHA1

1351f7889032bb6a6407df77c5ad10006508c212
SHA256

4d352942cc659ab92345eeb0a8b9d6c974b5123c2f05db2488a27028b3c8f746
SHA512

0f50a0f9a59ead8c241f6cba07266fd03c5ddfb4e8e8b38176bd543c4f3cbd73b1156f5f7f42511609effbb292ad762985d9f9e0688acca5e92216a5f73b9595
SSDEEP

6144:rPunyGdZX7q4Op9LCs3n3p3o3o3GBGg/uj0WWgk7M33:rPunf2TC2g/uII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SSH R.A.T.exe

Files

SSH R.A.T.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ