revengerat | Lime[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Lime.exe
Size

16KB
MD5

ae976c67fb78de5cde6d535cd098eb61
SHA1

c6b5a709d62ab0f5d5efbf36252ebe063810085d
SHA256

f023a5cf17d2543ddde6af3ad6a34bce83f0c018cff116c875c139416d342e8b
SHA512

6b1327fa07fde75e005e6418260fd7900c60a333dba49404e9d202ff1cac0522a02393999c904be7c41b8771d1bc298bfb68ea3e20c5fee95e2e71e2f4660145
SSDEEP

384:RKswu7pCXeHoNIRbqF4OI3M/I7oNflnX9:RKsnINbZIoIY9X9

Score

10^/10

nyancatrevenge revengerat

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

127.0.0.1:333

Mutex

pHXJvbCGPPiC

Signatures

Revengerat family
revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Lime.exe

Files

Lime.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\chris\Desktop\heck\heck\Anarchy\Oxide-Src\Revenge-RAT v3 - NYANxCAT\RevengeRAT C# Stub\Lime\obj\Release\Lime.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ