Behavioral task
behavioral1
Sample
1f5ea06e1c469341653dbec2e519e573_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
1f5ea06e1c469341653dbec2e519e573_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
1f5ea06e1c469341653dbec2e519e573_JaffaCakes118
-
Size
16KB
-
MD5
1f5ea06e1c469341653dbec2e519e573
-
SHA1
37284c7805b0044e2c8f7a1ebf486f53c1c8721e
-
SHA256
6e583adac8898dc310ba84f6feb3c1c3582ca89b36297cf797959b7763964a10
-
SHA512
ce2b81f253499f95f2b430713978e76393219472d80806cb4ef6df6d3d2ecccd03bfcbe851e2c16fbaa8a02d6ad7cc10804f3cea36cbf1dbf0b7c32df8697d7a
-
SSDEEP
384:52/mDvD2lVzGOGUn9muhNculb5s1AwiNym5Ct:52/mDvD2lVt3wuhNfSso
Malware Config
Extracted
revengerat
PARROT-SECURITY
2.tcp.ngrok.io:18683
RV_MUTEX-krWydXrPoStk
Signatures
-
RevengeRat Executable 1 IoCs
Processes:
resource yara_rule sample revengerat -
Revengerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1f5ea06e1c469341653dbec2e519e573_JaffaCakes118
Files
-
1f5ea06e1c469341653dbec2e519e573_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ