revengerat | 2503591813db469e7a22ecdfc233b7e91a85821c6f2beaf05e406f722dae2e55

Sharing

Copy URL

Twitter E-mail

General

Target

2503591813db469e7a22ecdfc233b7e91a85821c6f2beaf05e406f722dae2e55
Size

70KB
MD5

407b61f6bd7985c856ba370dde95daee
SHA1

45023210e16863ce86957c11178eca2f7a9a184c
SHA256

2503591813db469e7a22ecdfc233b7e91a85821c6f2beaf05e406f722dae2e55
SHA512

511ff1d524ce06dfbc9f32283b0c2e9a7068a01d8cc6bbe6a70980661fc8a377c0d4241251516d6c3c01fd1113e595fa319f9e53ca0c93574a180d7bdec071a2
SSDEEP

1536:OK2r00bQ1jrukCuFn2T49JTM/zAA+7XCee7fUfAN:OKnLBRB77XCNN

Score

10^/10

stealer revengerat

Malware Config

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat

resource	yara_rule
sample	revengerat

Files

2503591813db469e7a22ecdfc233b7e91a85821c6f2beaf05e406f722dae2e55
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08-11-2019 00:00

Not After

16-11-2022 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-11-2018 00:00

Not After

17-11-2021 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d3:1e:fa:1e:c7:02:a2:9e:b1:17:5e:14:ca:57:50:9d:52:b2:51:55:29:78:6a:59:92:73:15:8e:39:98:2e
Signer

Actual PE Digest

07:d3:1e:fa:1e:c7:02:a2:9e:b1:17:5e:14:ca:57:50:9d:52:b2:51:55:29:78:6a:59:92:73:15:8e:39:98:2e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

01-10-2020 00:29
Valid: true

Chain 1

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

31:61:e8:df:38:17:18:ec:75:44:3c:48:05:c6:59:c8:5f:74:69:e7
Signer

Actual PE Digest

31:61:e8:df:38:17:18:ec:75:44:3c:48:05:c6:59:c8:5f:74:69:e7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

01-10-2020 00:29
Valid: true

Chain 1

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

07:d3:1e:fa:1e:c7:02:a2:9e:b1:17:5e:14:ca:57:50:9d:52:b2:51:55:29:78:6a:59:92:73:15:8e:39:98:2eSigner

Signature Validations

Verification

01-10-2020 00:29 Valid: true

Chain 1

31:61:e8:df:38:17:18:ec:75:44:3c:48:05:c6:59:c8:5f:74:69:e7Signer

Signature Validations

Verification

01-10-2020 00:29 Valid: true

Chain 1

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 52KB - Virtual size: 52KB

.sdata Size: 512B - Virtual size: 226B

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 744B

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:d3:1e:fa:1e:c7:02:a2:9e:b1:17:5e:14:ca:57:50:9d:52:b2:51:55:29:78:6a:59:92:73:15:8e:39:98:2e
Signer

01-10-2020 00:29
Valid: true

31:61:e8:df:38:17:18:ec:75:44:3c:48:05:c6:59:c8:5f:74:69:e7
Signer

01-10-2020 00:29
Valid: true

.text
Size: 52KB - Virtual size: 52KB

.sdata
Size: 512B - Virtual size: 226B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 744B