Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe
Resource
win10v2004-20240802-en
General
-
Target
acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe
-
Size
17KB
-
MD5
af48897e401a79baf8086585c18cf8fe
-
SHA1
44e9a2699d07cbba45493000287ab5dfbe86df77
-
SHA256
acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595
-
SHA512
c65d348d3225e86909e33e9ef9717be72ea7f934b673f82748907f927c459c39e739dcb3ebcfc029b3fdd81d7a528cd2a025d01b28ded04a604a6375b13b8ea1
-
SSDEEP
192:NWnNnAi9HEsjSXOLqaJN5MoiwH7abHG+jR9nsVVI+2ky0C+2c:NWnJ9HaOEoiwH7ab9sVK+2ky0C+2c
Malware Config
Extracted
revengerat
Guest
tzii.myq-see.com:888
RV_MUTEX-IUnoWrUUgHRHXJv
Signatures
-
RevengeRat Executable 1 IoCs
resource yara_rule sample revengerat -
Revengerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe
Files
-
acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ