Behavioral task: behavioral1
Sample: 4756-135-0x0000000000400000-0x0000000000408000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4756-135-0x0000000000400000-0x0000000000408000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 4756-135-0x0000000000400000-0x0000000000408000-memory.dmp
Size: 32KB
MD5: d8915bfaf00562010dbc686c41e12c13
SHA1: 7475b220902fc2350945b025becdd9926956d0fb
SHA256: 2241e7f0ad859029504c840c057d99775741d0bd19c8c9c7147d802bd94b3698
SHA512: d1e854e15be50f92135ef1af19e4f4a6583b48de6d4463456cd61356c0e5bc20f7a5b6fb780e0cee73967987f8d6daced02e3dc048af4599b0d5813b78e329e8
SSDEEP: 384:qRCd+Oq9VxfkU4FL9oDPlMNcLlb5sVKjye5Ct:qRCd+Oq9VOHclMNEjo
Malware Config
Extracted
revengerat
May
mallorca.myftp.org:5198
mbvd.hopto.org:5198
RV_MUTEX-DlgZblRvZwfRtN
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource  yara_rule
sample    revengerat
Revengerat family
Files
4756-135-0x0000000000400000-0x0000000000408000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ