revengerat | Client‮4PM[.][.]exe | Triage

Sharing

General

Target

Client‮4PM..exe
Size

110KB
MD5

daff18d429d8e204c64744a3a88ba2ba
SHA1

1114cad32e4cd92fde15074d9dc99d8566d79b6c
SHA256

51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5
SHA512

848f40484c50c2eaa7d02419aa0b7d10f8689724ad1053f72fccf1d30c2e574e6298e4c715091b5fdb4b5510461eb595acb1a6137edb641dbd2b7ef8a6a3c9e0
SSDEEP

1536:BaSUrc/jYJ4c6hFJQn5pNS9jO8jc2jadmn+3iDBq+KD3tSYCz9+:gSUejMaFGn/ejO8jcqadKDG9SYy9+

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

applications-tri.at.ply.gg:28896

Mutex

Updater

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat

Files

Client‮4PM..exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ