Analysis
-
max time kernel
33s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
03-06-2023 11:19
Behavioral task
behavioral1
Sample
56436.exe
Resource
win7-20230220-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
56436.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
56436.exe
-
Size
17KB
-
MD5
c809335d893e45403a4b3a2f057912d4
-
SHA1
e98ccab279d633a8ab0e66ad7812fb4d5a656dba
-
SHA256
fff181b9a2ba6244e9509682573d004071f06825637a0c46bf50f3dad73b1fa4
-
SHA512
5f67a1088350510ba24a2688a6d486d7a61e983dc84475918e54da08ecd1cc7eddbccd6b51bc94593d756703e3e8b1edbcefe1312a2bc06416502a0fed657d14
-
SSDEEP
384:9GDRfRdKatRiWfu+/oEIPJvnbisVKi6yrLu2s2:9GF5dKat32+IRmua2
Score
10/10
Malware Config
Extracted
Family
revengerat
Botnet
Guest
C2
structure-processor.at.ply.gg:45659
Mutex
RV_MUTEX
Signatures
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable 2 IoCs
Processes:
resource yara_rule behavioral2/memory/652-133-0x0000000000230000-0x0000000000238000-memory.dmp revengerat behavioral2/memory/652-134-0x0000000000AB0000-0x0000000000AC0000-memory.dmp revengerat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
56436.exedescription pid process Token: SeDebugPrivilege 652 56436.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/652-133-0x0000000000230000-0x0000000000238000-memory.dmpFilesize
32KB
-
memory/652-134-0x0000000000AB0000-0x0000000000AC0000-memory.dmpFilesize
64KB
-
memory/652-135-0x000000001B750000-0x000000001BC1E000-memory.dmpFilesize
4.8MB
-
memory/652-136-0x0000000000CE0000-0x0000000000D86000-memory.dmpFilesize
664KB
-
memory/652-137-0x000000001BCF0000-0x000000001BD52000-memory.dmpFilesize
392KB
-
memory/652-138-0x0000000000AB0000-0x0000000000AC0000-memory.dmpFilesize
64KB