General
-
Target
ClientPress.exe
-
Size
16KB
-
MD5
5c0fb2f20831b19d7a7f53bd40384fe2
-
SHA1
850da9b7e109466ff784c52aa8fd335c7a0cf015
-
SHA256
0216971d844469c4dd38583454bf60d1e404292720bd19633efc880387a2bc97
-
SHA512
0eac28b076e2d6aa4041382a6d321e76371ed513123d9a4831c134b5a4af5c2d06bcdf4d4f53dba958476ce09882fa2ca75034d278f56c6196cb8980039f8ac1
-
SSDEEP
384:qq/5gtLhlVD/Ng7b9oDPlMNcLlb5sVKXyz5Ct:qq/5gphlVhWclMNEuo
Malware Config
Extracted
revengerat
TrapNET
44.33.44.33:333
67REeserssee3
Signatures
-
RevengeRat Executable 1 IoCs
resource yara_rule sample revengerat -
Revengerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ClientPress.exe
Files
-
ClientPress.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ