rhadamanthys | SilverRAT[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SilverRAT.exe
Size

448KB
MD5

e1e28c3acf184aa364c9ed9a30ab7289
SHA1

1a173a6f4ec39fe467f1b4b91c9fad794167ac1c
SHA256

03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306
SHA512

e8d38c9a144b7f4531e617de45dc240042a7b9ce7dd5766eb2f763b505d9786acccf54f3a03ff3639c36c957e2d14d34b5b59196170eb1b6b5f17e8a417d6991
SSDEEP

6144:nC5hyUR+MhyfUj6qfoMXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BoMmID/mQmpMcmSSIU16XE2e5L

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

https://95.214.55.177:2474/fae624c5418d6/black.api

Signatures

Rhadamanthys family
rhadamanthys
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

SilverRAT.exe

resource
SilverRAT.exe

Files

SilverRAT.exe
.exe windows:5 windows x86 arch:x86

55ad6bfe47219bd08f4db9b7b6e7d559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetModuleHandleA
CreateEventA
WaitForSingleObject
CloseHandle
HeapDestroy
GetModuleFileNameW
lstrlenW
HeapFree
MulDiv
GetProcessHeap
HeapAlloc
GetStartupInfoA

user32

GetScrollRange
GetClassInfoExW
GetClassInfoW
FillRect
CharUpperBuffW
DispatchMessageW
KillTimer
EndMenu
PeekMessageW
EndPaint
FrameRect
IsIconic
LoadBitmapW
GetWindowTextW
DestroyWindow
SetScrollPos
DrawMenuBar
GetMenuStringW
DrawIcon
GetClientRect
BeginPaint
DeleteMenu
LoadIconW
CopyImage
ShowCaret
DefFrameProcW
LoadCursorW
RegisterClassW
SetTimer
GetDCEx
CreateMenu
IsZoomed
DrawFocusRect
GetSystemMenu
GetScrollPos
CreateWindowExW
GetMenuItemInfoW
DestroyMenu
GetCursor
DefMDIChildProcW
ReleaseDC
GetScrollInfo
DestroyCursor
EnableWindow
ShowWindow
CreateAcceleratorTableW
InsertMenuW
GetDlgCtrlID
SetMenuItemInfoW
CreateIcon

gdi32

RestoreDC
Polygon
MoveToEx
CreateICW
RectVisible
CreatePalette
GetTextMetricsW
PolyBezierTo
SetRectRgn
CreateDCW
GetWindowOrgEx

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoUninitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayGetElement
GetErrorInfo
VariantInit
SysReAllocStringLen
VariantCopy
SafeArrayPtrOfIndex
SafeArrayGetLBound
VariantCopyInd
SafeArrayPutElement
VariantClear

msvcrt

__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
qsort
wcsrchr
memset
wcschr
__set_app_type
_except_handler3
_controlfp
__p__commode

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

55ad6bfe47219bd08f4db9b7b6e7d559

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

msvcrt

Sections

.text Size: 58KB - Virtual size: 57KB

.textbss Size: - Virtual size: 64KB

.rdata Size: 385KB - Virtual size: 384KB

.data Size: 512B - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 58KB - Virtual size: 57KB

.textbss
Size: - Virtual size: 64KB

.rdata
Size: 385KB - Virtual size: 384KB

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB