PDB path: C:\Users\th3ke\Desktop\memcl\SkyAuth-Lsass\obj\x64\Release\x.pdb
Static task: static1
Behavioral task: behavioral1
Sample: rat.exe
Resource: win10v2004-20240910-en
General
Target: rat.exe
Size: 2.0MB
MD5: 15764e4929a52a95a4f9e3a55eaddab2
SHA1: d362d450dc5b9d02c0fe7b43e4065cd21a541afe
SHA256: a0f04d5c2e77ba74cc63ec1fcc568036336e160be3d53e2c7b2f729c106065df
SHA512: 3685dcc998992efdcd58aacf201fe20e004959c59f5c123cbc41d4c1ddc304413982f08423c9378c620beaa5433f20030fecab14961f8d7c20958952010f03e3
SSDEEP: 49152:++axysYC6syUkoPaPS2AJNySUP+Mk2kqXfd+/9AqUana:ztClVkoOSfJNpUWmkqXf0FPUW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource rat.exe
Files
rat.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ