revengerat | 2024-10-19_752baff528973e3fb5e39d9d421c3d46_hiddentear_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-19_752baff528973e3fb5e39d9d421c3d46_hiddentear_hijackloader
Size

218KB
MD5

752baff528973e3fb5e39d9d421c3d46
SHA1

a7ee01c37ad1d63ecdb2a31443dafe828514c9b8
SHA256

ed07d8ea813aba7b5fd4112072351cd9274dd03c519f99600ac83e1cd5939180
SHA512

3b517f0964a718c281ce68e378be718a9c3199f3db31cb36154793de20eb67afa42c51962d061dcd481e15b6480e87b282c93248efe7aa168761d770c230aa0f
SSDEEP

3072:XaM8hiHBnlorz5SgNsxHGv2gnqdS1fWuhlQHqGM+lmsolAIrRuw+mqv9j1MWLQf:Xajg1l2z5zamNn4Kl+lDAAq

Score

10^/10

stealer revengerat

Malware Config

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource yara_rule

sample net_reactor

resource	yara_rule
sample	revengerat

resource	yara_rule
sample	net_reactor

Files

2024-10-19_752baff528973e3fb5e39d9d421c3d46_hiddentear_hijackloader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

Issuer

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

Not Before

09-10-2024 03:14

Not After

08-10-2025 00:00

Subject

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

Issuer

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

Not Before

09-10-2024 03:14

Not After

08-10-2025 00:00

Subject

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:86:1c:a2:02:e0:76:50:ca:85:16:d4:36:02:ef:e0:18:69:fa:a4:28:5f:ea:e9:d5:a4:b6:f9:9e:34:3d:3d
Signer

Actual PE Digest

1d:86:1c:a2:02:e0:76:50:ca:85:16:d4:36:02:ef:e0:18:69:fa:a4:28:5f:ea:e9:d5:a4:b6:f9:9e:34:3d:3d

Digest Algorithm

sha256

PE Digest Matches

true

df:0c:e8:5c:c6:cd:05:44:c9:ca:ef:aa:fb:fc:47:46:1d:a0:7a:18
Signer

Actual PE Digest

df:0c:e8:5c:c6:cd:05:44:c9:ca:ef:aa:fb:fc:47:46:1d:a0:7a:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fdCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fdCertificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:86:1c:a2:02:e0:76:50:ca:85:16:d4:36:02:ef:e0:18:69:fa:a4:28:5f:ea:e9:d5:a4:b6:f9:9e:34:3d:3dSigner

df:0c:e8:5c:c6:cd:05:44:c9:ca:ef:aa:fb:fc:47:46:1d:a0:7a:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 104KB - Virtual size: 104KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:86:1c:a2:02:e0:76:50:ca:85:16:d4:36:02:ef:e0:18:69:fa:a4:28:5f:ea:e9:d5:a4:b6:f9:9e:34:3d:3d
Signer

df:0c:e8:5c:c6:cd:05:44:c9:ca:ef:aa:fb:fc:47:46:1d:a0:7a:18
Signer

.text
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B