Behavioral task
behavioral1
Sample
4e91dc14d0580ab07a63425e9c868b4f1d0f1a75fc1ec937b7081782443e2085.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
4e91dc14d0580ab07a63425e9c868b4f1d0f1a75fc1ec937b7081782443e2085.exe
Resource
win10v2004-20220414-en
General
Target
4e91dc14d0580ab07a63425e9c868b4f1d0f1a75fc1ec937b7081782443e2085
Size
16KB
MD5
12eccb51e97308e9e6cb0b528872bc39
SHA1
8f9225c42aef64e1dc1ce142d2b099b7f22b7e95
SHA256
4e91dc14d0580ab07a63425e9c868b4f1d0f1a75fc1ec937b7081782443e2085
SHA512
f384e301a820499f51a9e7bfd57d77d91a6550fdfa148c9d6efc33fdd0397f215a613ef599b1783601e195ef15f3bd4ceb409d0e0e49a940de93d9851f2f4154
SSDEEP
384:kRFaXOq9VxP+uGL9oDPlMNcLlb5sVKGys5Ct:kRFaXOq9VEhclMNEWo
Malware Config
Extracted
revengerat
Guest
0.tcp.ngrok.io:18163
RV_MUTEX
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource: sample
yara_rule: revengerat
Revengerat family
Files
4e91dc14d0580ab07a63425e9c868b4f1d0f1a75fc1ec937b7081782443e2085.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ