Analysis
max time kernel: 150s
max time network: 162s
platform: windows7_x64
resource: win7-20220414-en
submitted: 02-05-2022 15:02
Static task: static1
Behavioral task: behavioral1
Sample: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
Resource: win10v2004-20220414-en
General
Target: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
Size: 74KB
MD5: 5cfa23e4a78c8277c7d1329aa64e7db6
SHA1: ca985c39937eb19997cdfc450c3c83a9dc804a61
SHA256: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847
SHA512: 9eb5848e347d217f5eafdaa576e9e02bbcd6341663b70aba96a71503c400714ec84bc2c95fd3df32a183f8f7bf1028702d38f8f1a3d2f4b90a2164ab2e3d119f
Malware Config
Extracted
revengerat
NyanCatRevenge
79.134.225.88:2222
286f973cd74a49
Signatures
RevengeRAT
Remote-access trojan with a wide range of capabilities.

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe
description: Token: SeDebugPrivilege
pid: 1656
process: 55e059e1dda752cbbba16600f3f419431a11fbe93dbaa3d578b320c53693f847.exe