888rat | 51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef[.]zip

General

Target

51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef.zip
Size

2.7MB
MD5

f60bbb84f3bf19243e87a26a9bc79faa
SHA1

642561972a2774d951e3cc0f9c6d2706621cf784
SHA256

2e13d890364ccb4455c6cd3f59469ae57307f4e7d34805c4eec786eac5534060
SHA512

74b758102282043b54f9bcd2be0ae4386e9b00eafbb4bf16c90a9b7d67c95254a22d20d84ea5aab178848b0dceffbfd800804170a3ed5618df273418edbd3e9d
SSDEEP

49152:59KLPA7P5iXI0jfGeJ5jJBVVxoAP5hCewX4G61KuwR6SkWZ6Lrf5Pe4rBQxZk/:TKDA7B106eXjJBVVxoAPTX1gP6LrVe7e

Score

10^/10

888rat

Android 888 RAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef	family_888rat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef

51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef.zip
.zip

Password: infected
51ae71e25e2b419617bfdd08e7de156e7d09cb7f113cf68f3360064a440953ef
.exe windows:5 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.3MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ