revengerat | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

111KB
MD5

688a4cb70081d9edb63c1c1aa41487e1
SHA1

3efe438b2b4a44f2dc7f02c6e1afe980e2a116d8
SHA256

4f6242573cd5b7b50a3091449e2df40fa3005d14a0389931b948782d11ab27e9
SHA512

4f5ef2d0538a3a38748d4c2378e15cd91bd0073ac28e093be7cb86a2d9ef29aaa667f07a516a169bd0e44ab09202914c8bdae9cf5cd1f5d543ebf3388222ad2b
SSDEEP

3072:0Bx88hg1dtEGiymTRNE18lEqtYDeQ9SYp1+:0w8OmTRNE14WDF7p1+

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

Pizd11337-26540.portmap.host:26540

Mutex

RV_MUTEX

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ