Behavioral task: behavioral1
Sample: sinple.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: sinple.exe
Resource: win10v2004-20230220-en
General
Target: sinple.exe
Size: 137KB
MD5: 0923eeaec8c777e7d62d15fd71c46aaf
SHA1: 17e5d701a931468b17e49f06b3eddc5d88a4dcf3
SHA256: 06a0a8d963239e64adfedf7332c222e2beaf2aa4ab971bc1c9e5b9804a30ee6f
SHA512: 9847456153f74f06b2db1bec6eb4d3059e3d25932f2ed2164f9faec1b63dced1567d183c7698bf7ea18f7c9c2af198b37e10af38fbc5d91d43eb066fbf14cf99
SSDEEP: 1536:kH6WZp3eiNTQutHV/R6T3wLa0k2lMh61vceasJ1UIkEQLQ7qdLvMVlpby0INC:KVpupY/U3w2H4hceJhZAQ7aLvMVy0Iw
Malware Config
Signatures
RevengeRat Executable 1 IoCs
Processes:
resource: sample, yara_rule: revengerat
Revengerat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: sinple.exe
Files
sinple.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ