revengerat | crypted[.]bin | Triage

Sharing

General

Target

crypted.bin
Size

14KB
MD5

97b83a956acfd1d88df14a123a71ddca
SHA1

d6f0b6d6543d18e570c57f1095e9a9eab97f24fe
SHA256

8bfdd772fb6c76463e5183114bd85834eb32c8210e0dd5346d789fe038dfd552
SHA512

7e1c9891778c15707870f1b1b1bbf2c2b4bea6ef2f9d6eea035581d6828f4d0f240b0cb04e05cb5f979840aa84d11fce240728702b1735f01f10105797058fbe
SSDEEP

192:e+8C+EKS0O9ejYTDG8bcp4LlXunieXubWyD9JEBkGxVXOqoNYRJE:eNVjYTDG8gp2NeXTyD3EnxpoNn

Score

10^/10

nyancatrevenge revengerat

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

marcelotatuape.ddns.net:333

Mutex

2180459765

Signatures

Revengerat family
revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
crypted.bin

Files

crypted.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ