runningrat | JaffaCakes118_d8f2a7d4fb066f89ff7806603ea0192a | Triage

Sharing

General

Target

JaffaCakes118_d8f2a7d4fb066f89ff7806603ea0192a
Size

68KB
MD5

d8f2a7d4fb066f89ff7806603ea0192a
SHA1

f75e9b15ae4c7ab7160cc9e3ae668bcf545af03a
SHA256

fa8405c6d4f14f21f1e90a918d7fc1dea5fc151c183631751f32146c11198974
SHA512

6ffaea68d23798bebed122cbc4334c1db1c0cddf3e07beb7a641f1ba91197c2110c7d2f46bb5d57d9db8828230020da71cd7a9df3a6d04514b02fd532cfc2631
SSDEEP

768:BCB8S+OR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIzDV:BHJaAoHoc2x7bZoYBAcQlwJdM3

Score

10^/10

rat runningrat

Malware Config

Extracted

Family

runningrat

Signatures

RunningRat payload 1 IoCs

resource	yara_rule
sample	family_runningrat

Runningrat family
runningrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d8f2a7d4fb066f89ff7806603ea0192a

Files

JaffaCakes118_d8f2a7d4fb066f89ff7806603ea0192a
.exe windows:4 windows x86 arch:x86

1b365823829e2ac9bfb0aa5d328240a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler

kernel32

HeapAlloc
SetUnhandledExceptionFilter
CreateThread
WaitForSingleObject
ExitProcess
CloseHandle
GetProcessHeap
GetProcAddress
LoadLibraryA
HeapReAlloc
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr

Exports

Exports

dd373_dll

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ