Static task: static1
Behavioral task: behavioral1
Sample: f57fff1b8acdee475b161ec1313452f0fe66077142fc677a63f7914a96890bae.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: f57fff1b8acdee475b161ec1313452f0fe66077142fc677a63f7914a96890bae.exe
Resource: win10-en-20211208
General
Target: f57fff1b8acdee475b161ec1313452f0fe66077142fc677a63f7914a96890bae
Size: 17KB
MD5: cc3c73d81bf77fb2000685c7f6757f91
SHA1: ff58a06a482a643cc143d1f43e949cc7ce2f3966
SHA256: f57fff1b8acdee475b161ec1313452f0fe66077142fc677a63f7914a96890bae
SHA512: f9b6b5cb1451eacaef743252e60745eb4cc5d9d782f4e9219a07d2427058d9bc4198bd12f69140d71ad1c53dc687aea524eb682e791d6a4b8b364cd505a1a828
SSDEEP: 384:z5aeEr8oiYN6xGvRPJnMhSmK4wRIDPXM0sVKyyFwG9:TE9WhSDI73J
Malware Config
Extracted
revengerat
4
systen32.ddns.net:6000
office365update.duckdns.org:6000
RV_MUTEX-WindowsUpdateSysten32
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource yara_rule sample revengerat -
Revengerat family
Files
f57fff1b8acdee475b161ec1313452f0fe66077142fc677a63f7914a96890bae.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ