revengerat | 56436[.]exe | Triage

Resubmissions

03-06-2023 11:19

230603-ne3dhsge65 10

03-06-2023 11:03

230603-m5sfkage45 10

Sharing

General

Target

56436.exe
Size

17KB
MD5

c809335d893e45403a4b3a2f057912d4
SHA1

e98ccab279d633a8ab0e66ad7812fb4d5a656dba
SHA256

fff181b9a2ba6244e9509682573d004071f06825637a0c46bf50f3dad73b1fa4
SHA512

5f67a1088350510ba24a2688a6d486d7a61e983dc84475918e54da08ecd1cc7eddbccd6b51bc94593d756703e3e8b1edbcefe1312a2bc06416502a0fed657d14
SSDEEP

384:9GDRfRdKatRiWfu+/oEIPJvnbisVKi6yrLu2s2:9GF5dKat32+IRmua2

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

structure-processor.at.ply.gg:45659

Mutex

RV_MUTEX

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

56436.exe

Files

56436.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ