revengerat | dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195[.]zip

General

Target

dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195.zip
Size

8KB
MD5

b0b33b5e5ee9cf229260602bf7eeeb51
SHA1

6fc24326f7cde649385de22607025ee0dd796e76
SHA256

3529b4f24984447fd6e5c67ed3c92ad4df89304c55504c3b944f63a8340f3148
SHA512

ccdc15258f15dfdf56523ac993324a9406e2a4567abeb3452e28a3fd5d4843c3667edc939b0bb27e012bb82d50fcdb230322deeb461c849e7f88c22183f2de7b
SSDEEP

192:+OtAqbuUWLRMks+MB3+ZdJIrP/NGP1hYNbQPMKQrU78gmU3OO:tt1hneJG3EP1cbQPp1iUeO

Score

10^/10

Family

revengerat

Botnet

Airport

C2

69.87.219.76:4040

Mutex

RV_MUTEX

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
static1/unpack001/dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195	revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195

dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195.zip
.zip

Password: infected
dd203194d0ea8460ac3173e861737a77fa684e5334503867e91a70acc7f73195
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ