revengerat | fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65

General

Target

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
Size

556KB
MD5

5dac4954e8c9d4415b14e0e80fc1b409
SHA1

324235096176442eead12015467597c175f1b002
SHA256

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65
SHA512

ffdb33904be0297e97bd29b0e83a2a0ba9c2952219e8364edaf420cf8d3ae61ffc017e17b53f1acac3d57448715c5c6fc59adef6b127408493ac308b94ffe662

Score

10^/10

Family

revengerat

Botnet

NyanCatRevenge

C2

github-58677.portmap.io:58677

Mutex

d9b2ac78f4944456

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

Suspicious use of SetThreadContext 1 IoCs

Processes:

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

description	pid	process	target process
PID 2368 set thread context of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

description	pid	process	target process
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
PID 2368 wrote to memory of 3764	2368	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe	fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe

C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe
"C:\Users\Admin\AppData\Local\Temp\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe"
2⤵
PID:3764

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fb2da9f629fd5c61ab198a079218e281b5c32be693b733cb63eaaf07203a2b65.exe.log
MD5
d0c7109da36e3bef4d1b57bd13ea15ee

SHA1
6a6fe159044270ebb2e2774738c27bea2dc9988f

SHA256
d934c0e86141b925f5452432eda91bcfa85165c0aa681cd35719272b2d992862

SHA512
fa50770f511e207030f486b61936a562cc15a4103a262bb0f658e32483478e1a347454231ffa9cf5e6da868a2121193ba099db441efb74a054635c58c383237b

Download Submit
memory/2368-130-0x0000000000510000-0x00000000005A2000-memory.dmp

Filesize
584KB

Download
memory/2368-131-0x0000000075190000-0x0000000075940000-memory.dmp

Filesize
7.7MB

Download
memory/2368-132-0x0000000005860000-0x0000000005E04000-memory.dmp

Filesize
5.6MB

Download
memory/2368-133-0x0000000005350000-0x00000000053E2000-memory.dmp

Filesize
584KB

Download
memory/2368-134-0x00000000052A0000-0x00000000052A1000-memory.dmp

Filesize
4KB

Download
memory/2368-135-0x00000000052B0000-0x00000000052CA000-memory.dmp

Filesize
104KB

Download
memory/3764-136-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3764-138-0x0000000075190000-0x0000000075940000-memory.dmp

Filesize
7.7MB

Download
memory/3764-139-0x0000000004F10000-0x00000000054B4000-memory.dmp

Filesize
5.6MB

Download