eaglerat | playitnr[.]exe | Triage

Sharing

General

Target

playitnr.exe
Size

64KB
MD5

fbaa5ba48d31bb17bd15da224f55faa1
SHA1

525587279495f3f79daa053f97607de018ede100
SHA256

ed9b88618ad0d7b90bc1c1557d0d07ccc6c5efb215137d8328c1b23e2ee24d00
SHA512

f4a9363df6a137a9b5fbe7797724745117b04a46bf81473ebbf72bdc2ac65c545a757270d22bb3f2661f3a3eebd6b14ce9495daccca986cd4afd708e53e8634c
SSDEEP

1536:ch3HaMmkefuYjsDAiENQVseNbIB23vYU/Tx:A3GNjsD8YNOavYyx

Score

10^/10

eaglerat

Malware Config

Extracted

Family

eaglerat

C2

127.0.0.1:5353

Signatures

Eaglerat family
eaglerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
playitnr.exe

Files

playitnr.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ