revengerat | 1d98a73f2a9fd2de42950b4b1c7f9de1cf7ec6d56523565675b51410274b9ab8

Analysis

max time kernel
21s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-05-2023 14:30

Target

Client.exe
Size

101KB
MD5

090f262b8a9b0787153b25d5f56b7ad2
SHA1

fde298860db49eb41a08434243a8259a01ca1043
SHA256

1d98a73f2a9fd2de42950b4b1c7f9de1cf7ec6d56523565675b51410274b9ab8
SHA512

ee2d19d95d92b0269f493a0666bd73b1e0ef6224f9773f41bde46515865c8e060bf6ce262c253ed64564bcc0137efebab2ee43e67700ba43a22002c07ad85572
SSDEEP

1536:uu+z/aQkPlpqNZoMoj58oZJbZseudD/FB3BINVRX3FjBqatD3tSYl9h:EMlpqNZoMS58oZJ9shx3BINZjH9SYl

Score

10^/10

Family

revengerat

Botnet

Guest

127.0.0.1:333

Mutex

RV_MUTEX

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat

RevengeRat Executable 2 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/1724-54-0x00000000008D0000-0x00000000008EE000-memory.dmp	revengerat
behavioral1/memory/1724-55-0x0000000001FE0000-0x0000000002060000-memory.dmp	revengerat

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1464 taskmgr.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Client.exetaskmgr.exe

description pid process

Token: SeDebugPrivilege 1724 Client.exe
Token: SeDebugPrivilege 1464 taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1724	Client.exe
Token: SeDebugPrivilege	1464	taskmgr.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

taskmgr.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724

memory/1464-56-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1464-57-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1464-59-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1464-60-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/1724-54-0x00000000008D0000-0x00000000008EE000-memory.dmp

Filesize
120KB

Download
memory/1724-55-0x0000000001FE0000-0x0000000002060000-memory.dmp

Filesize
512KB

Download
memory/1724-58-0x0000000001FE0000-0x0000000002060000-memory.dmp

Filesize
512KB

Download