runningrat | 5c15dfb77e6ebf777995de8713092d59d857adadc12a0fd4457eb3e75a385735N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5c15dfb77e6ebf777995de8713092d59d857adadc12a0fd4457eb3e75a385735N.exe
Size

112KB
MD5

df4cab6655d82482c76d0510392e1fb0
SHA1

ebe7c66ab923db14d9bcfee88cd357eeb4b55c87
SHA256

5c15dfb77e6ebf777995de8713092d59d857adadc12a0fd4457eb3e75a385735
SHA512

3f205583b99a4237b28c66514abfc0866e6365bff0a4bbfc85f57b0e112887cc493bd7fea6c54dd884833491a1e70e84b90fcb4e7aff678cea75f8e161385dbd
SSDEEP

1536:vqEA70HzLJksPEOajozLElnqiO2Z+dJ/tH:vXTLJkQ7zAV3ZUt

Score

10^/10

rat runningrat

Malware Config

Extracted

Family

runningrat

fwq.kuai-go.com

Signatures

RunningRat payload 1 IoCs

resource	yara_rule
sample	family_runningrat

Runningrat family
runningrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c15dfb77e6ebf777995de8713092d59d857adadc12a0fd4457eb3e75a385735N.exe

Files

5c15dfb77e6ebf777995de8713092d59d857adadc12a0fd4457eb3e75a385735N.exe
.exe windows:4 windows x86 arch:x86

7e3107c64f6a7a76d8463e3f374f74af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord459
ord561
ord825
ord743
ord800
ord537
ord1199
ord1205
ord1247
ord4129
ord5683
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1859
ord4246
ord3869
ord2127
ord2723
ord2391
ord3059
ord5102
ord5105
ord4468
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2880
ord2878
ord4153
ord6055
ord4077
ord1776
ord5237
ord2383
ord5284
ord2649
ord1665
ord4437
ord4428
ord796
ord554
ord529
ord402
ord674
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5255
ord823
ord1858
ord4245
ord5101
ord2101
ord2390
ord5100
ord5104
ord4467
ord3351
ord976
ord2879
ord4152
ord2382
ord5283
ord4436
ord2445
ord4427
ord401
ord5254
ord5098
ord4620
ord1894
ord4254
ord2486
ord4015
ord4957
ord4861
ord4826
ord3187
ord4950
ord5289
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3060
ord3066
ord6336
ord2510
ord2542
ord5244
ord5742
ord1747
ord5577
ord3172
ord5654
ord4423
ord4956
ord4860
ord2402
ord4387
ord3454
ord3198
ord6081
ord6175
ord3261
ord4623
ord4430
ord748
ord1206
ord2623
ord456
ord1223
ord4825
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2535
ord1895
ord4958
ord3407
ord4990
ord4927
ord4932
ord4937
ord4717
ord4688
ord4857
ord5018
ord5108
ord4912
ord4646
ord4980
ord4522
ord4993
ord4537
ord5075
ord4038
ord3281
ord3353
ord4626
ord457
ord749
ord4653
ord6194
ord1886
ord4251
ord4946
ord3254
ord2441
ord1695
ord5006
ord5656
ord4470
ord5103
ord5476
ord4154
ord5285
ord736
ord739
ord450
ord439
ord442
ord747
ord5495
ord2104
ord4460
ord6064
ord5252
ord1576
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4610
ord4612
ord2437
ord4615
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
strstr
__CxxFrameHandler
_setmbcp
_mkdir
_controlfp

kernel32

CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

wsprintfA
EnableWindow

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7e3107c64f6a7a76d8463e3f374f74af

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 48KB - Virtual size: 48KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 48KB - Virtual size: 48KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 2KB