Behavioral task
behavioral1
Sample
Rajahax.exe
Resource
win10ltsc2021-20241023-en
General
-
Target
Rajahax.exe
-
Size
138KB
-
MD5
3a2efdd34244d2e32564be1ecd2ae2fb
-
SHA1
a59fe64e0fcd7dd73bf1d6a748e3cf8416eef93f
-
SHA256
248c2fb9b77901a03336a08aed6c8ad459b7853168160f233946b21bf786090f
-
SHA512
3e19c0a0640a5a3ea51743fbba093dae7bd47c83d2a8f406d9872c8bc9cba8a4df28887156fd567e8f2f0436cfb6b80705da98ecde6f992c82441117959af31f
-
SSDEEP
1536:kAxJAVmt6R/ZyWyElr+fuTdOp6dcDw0u0fZwn5y43RMlhfLLjl0ctdZPCs3Kj3h3:kAxJAQt0yWThdOp6bn5yWsdvt/PiSK
Malware Config
Extracted
phemedrone
https://api.telegram.org/bot7256179101:AAH9javBF9KWz5fXIR2_YM3Ma3CqowIubKw/sendDocument
Signatures
-
Phemedrone family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Rajahax.exe
Files
-
Rajahax.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ