Behavioral task
behavioral1
Sample
Client4PM..exe
Resource
win10v2004-20220812-en
General
Target
Client4PM..exe
Size
110KB
MD5
daff18d429d8e204c64744a3a88ba2ba
SHA1
1114cad32e4cd92fde15074d9dc99d8566d79b6c
SHA256
51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5
SHA512
848f40484c50c2eaa7d02419aa0b7d10f8689724ad1053f72fccf1d30c2e574e6298e4c715091b5fdb4b5510461eb595acb1a6137edb641dbd2b7ef8a6a3c9e0
SSDEEP
1536:BaSUrc/jYJ4c6hFJQn5pNS9jO8jc2jadmn+3iDBq+KD3tSYCz9+:gSUejMaFGn/ejO8jcqadKDG9SYy9+
Malware Config
Extracted
revengerat
Guest
applications-tri.at.ply.gg:28896
Updater
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource: sample, yara_rule: revengerat
Revengerat family
Files
Client4PM..exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ