revengerat | 0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e[.]zip

General

Target

0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e.zip
Size

44KB
MD5

0db1d8ddc6eeb74965961de3258d83c4
SHA1

fab8246f1f5f6dcbc85de710547f0c173094a2cf
SHA256

b1e60654c8ec10842163c0b57224f1bbdbb9536dcd86da916a5d16379a08c7a9
SHA512

ed03cec02452862ad2ce60c83c7c251f8851ce9c5cd0ce94b68c827cd6d9d5510701bcf6819e146232297939d1f155962237c8915ab6d39e71aa231a74489ccd
SSDEEP

768:A6l48NHfsyokMU7GfyldygaVTQrJTaI3LRUlQuWEy91WhB3WUfKfPo4aeAix:AUuyoTUyfcA5VTQNW+N3JEy91Wf3WUob

Score

10^/10

Family

revengerat

Botnet

Guest

C2

127.0.0.1:1177

Mutex

RV_MUTEX-RZblRvZwfRtN

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
static1/unpack001/0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e	revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e

0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e.zip
.zip

Password: infected
0d05942ce51fea8c8724dc6f3f9a6b3b077224f1f730feac3c84efe2d2d6d13e
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ