Analysis
max time kernel: 96s
max time network: 99s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11-12-2024 20:07
General
Target: Client.exe
Size: 64KB
MD5: f01462ca16378ffe6407313c107ccf2b
SHA1: af747588057dbbb3a4d97c6b3f0c9a0e70a5d56d
SHA256: 9d3825a780a960861b6082d6bea7a7d4dc9f92ab4ac35413ae1e56c3d1cd4122
SHA512: 96c9e4edc8bea867540864055b4fa875ef80ec07c0199a60fa76095799128c1ff1347fc4bdd4432a9d3ea3577894b15c16c78a7e92ae8dde1d68f78432413f93
SSDEEP: 1536:Uh3HaMmkefuYjsDAiENQVseNbIB2d0Wtl:I3GNjsD8YNOjWf
Malware Config
Extracted
Family: eaglerat
C2:
  127.0.0.1:9875
  127.0.0.1:7788
  184.98.230.97:4545
Signatures
Eaglerat family
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: Client.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege
  pid: 4948
  Process: Client.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 4948
  Process: Client.exe