General
-
Target
ClientHide.exe
-
Size
17KB
-
MD5
ae3f2f2fc13c130d70df126b14c51210
-
SHA1
dd62ba08f61818dd02436746a8d46bc3c05dac25
-
SHA256
21b4ab255d4c40540be00c93e10a274671812c7318f7f6a3fd2ebd92ba4e8b86
-
SHA512
64359bb252c0f0e189ec4a9f8bf6f910986b5bfa9857bb046bc7d07368982800c09699a8e7ef2aa65c6bfba324fa3a8b7cc0ba4625634389eef6895b40378adb
-
SSDEEP
384:+c0d1j2vP1cys8z6204/m5izTwhK/bmmABvRPJnMbES+kKoll3cbXsVK/yN2q92:+ci1QOK/6UKo8U3
Malware Config
Extracted
revengerat
TrapNET
44.33.44.33:333
67REeserssee3
Signatures
-
RevengeRat Executable 1 IoCs
resource yara_rule sample revengerat -
Revengerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ClientHide.exe
Files
-
ClientHide.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ