Static task
static1
Behavioral task
behavioral1
Sample
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7.exe
Resource
win10v2004-20220414-en
General
Target: 3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
Size: 17KB
MD5: 1098d8e6429779b56a6b6a542cd3bc11
SHA1: 73f6b9c7b6cf16d2abdf3a6ec06b0ac2aeb62af5
SHA256: 3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
SHA512: 825a655df4440f3f4a072fe0ff4ab5d237cae5f3485d3bd51ce8053bf336aa4286f0e16d796e83c40c99d236cbe08c54b6914e34a5b307968d3d3fb88aa977a0
SSDEEP: 384:jDv64MO8VKPBoELeNsvnbqsVKBXxyHZ3s2:jDvUHE/Le2OIB
Malware Config
Extracted
revengerat
The New
RV_MUTEX-IPcYBGldGoFYE
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource yara_rule sample revengerat -
Revengerat family
Files
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ