revengerat | 0x0009000000012733-58[.]dat | Triage

Sharing

General

Target

0x0009000000012733-58.dat
Size

92KB
MD5

2b6dc42dc5c0b40bf131dc3eb4f7b4ba
SHA1

277a44b6fc468199180efdab5c4151e5b772e2b9
SHA256

a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0
SHA512

98f993806bafe8924fe58e92d4441376350117eeb3b17f9e74221cbe4410376592050a7d05e3b914ca39eef63583356df0213def1510d6bb233f77ee45c6a11d
SSDEEP

768:7JdWZRFEe8HQW7HB3RKHMb9x11111111111111CYx5bke:GZRgf7HB3IE11111111111111Cuk

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

blessed147.ddns.net:8089

Mutex

RV_MUTEX

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat

Files

0x0009000000012733-58.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ