revengerat | Nuclear Explosion[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nuclear Explosion.exe
Size

17KB
MD5

395f9cb0c3fd755199d437273acee4dd
SHA1

b472ff3e074a8dd54367cd3917319cded41a6e57
SHA256

18b8d7822259edb75bda09e127853dbbb66f34f78e5769dac6dd341bbc97446b
SHA512

56bd5da5a8d27a6bfc147c3d779bfac8bac6b4ff3efef894f35cba353b86697a32439683aecce72f7371056fceeb5eddbb1d86f7da47dd13061ac05fe6cabce3
SSDEEP

384:VQ8MdMKVMr/a4AsInHUcE+l3rZAETxtnrfd:2M8XNlVAorfd

Score

10^/10

stealer %p%revengerat

Malware Config

Extracted

Family

revengerat

Botnet

%P%

C2

%H%:,

Mutex

,

Signatures

RevengeRat Executable 1 IoCs

resource	yara_rule
sample	revengerat

Revengerat family
revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nuclear Explosion.exe

Files

Nuclear Explosion.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\chris\Desktop\heck\heck\Anarchy\Oxide-Src\Revenge-RAT v3 - NYANxCAT\Nuclear Explosion\Nuclear Explosion\obj\Release\Nuclear Explosion.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ