revengerat | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

23KB
MD5

12127e146732656cfc4877ad45d22ed4
SHA1

73e3b4c65b813dea1bca2a269e85740105c53718
SHA256

0fb3580100336efca6c544a8c1d06591e8a579dce56dab29ffec305d3604abae
SHA512

5ff955385a1de1add44eb4cc597b5c78db757c46a706d543c83fc53de5d39fa4935cd4fd5b9d382117c7886f02452ba8e40d47ec97d2cc766b499281ce467ff8
SSDEEP

384:eb+cnNz7glTgMnmrBcNFEhmisbYpPyzAVFCzYcHe+Z:ebtlcjsCAV8zYcHe+Z

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

127.0.0.1:333

Mutex

RV_MUTEX

Signatures

RevengeRat Executable 1 IoCs

resource	yara_rule
sample	revengerat

Revengerat family
revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ