revengerat | 2024-10-21_006986d8a6ad033254b9f167b6798789_hiddentear_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-21_006986d8a6ad033254b9f167b6798789_hiddentear_hijackloader
Size

194KB
MD5

006986d8a6ad033254b9f167b6798789
SHA1

7808b437890814ae5477e9973a2b9da084ceeafc
SHA256

c6e9096a68fa763292e35badb3cb5a3d52b7689506dc236441373ecffaa6076f
SHA512

98f8ecc980ea6cfb5bd132dae4c7c3210fa1dcf13056c011e5b3ea411b8c835d196f21dcec19f637875b1d6f21c548f34e53a879ed1a93a6e8a7d28fed530fdf
SSDEEP

3072:zpx843xQODRkD5/Ti3EMeM+lmsolAIrRuw+mqv9j1MWLQX:zpX5R79+lDAA

Score

10^/10

stealer revengerat

Malware Config

Signatures

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
sample	revengerat

Revengerat family
revengerat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

2024-10-21_006986d8a6ad033254b9f167b6798789_hiddentear_hijackloader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8d
Certificate

Issuer

CN=Moscow Z LLC,OU=666,O=Bitrix,L=Mountian,ST=Russia,C=Z

Not Before

15/10/2024, 06:01

Not After

15/10/2025, 00:00

Subject

CN=Moscow Z LLC,OU=666,O=Bitrix,L=Mountian,ST=Russia,C=Z

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8d
Certificate

Issuer

CN=Moscow Z LLC,OU=666,O=Bitrix,L=Mountian,ST=Russia,C=Z

Not Before

15/10/2024, 06:01

Not After

15/10/2025, 00:00

Subject

CN=Moscow Z LLC,OU=666,O=Bitrix,L=Mountian,ST=Russia,C=Z

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:af:3c:81:ff:86:5b:80:c5:7e:af:2a:ff:58:31:46:79:aa:b0:7f:0e:30:5d:e8:3e:fb:c1:7e:a5:01:8f:91
Signer

Actual PE Digest

fe:af:3c:81:ff:86:5b:80:c5:7e:af:2a:ff:58:31:46:79:aa:b0:7f:0e:30:5d:e8:3e:fb:c1:7e:a5:01:8f:91

Digest Algorithm

sha256

PE Digest Matches

true

6a:45:bc:3c:d6:0b:6e:a8:ed:e7:47:f5:56:da:c3:c5:09:50:99:8a
Signer

Actual PE Digest

6a:45:bc:3c:d6:0b:6e:a8:ed:e7:47:f5:56:da:c3:c5:09:50:99:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8dCertificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8dCertificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

fe:af:3c:81:ff:86:5b:80:c5:7e:af:2a:ff:58:31:46:79:aa:b0:7f:0e:30:5d:e8:3e:fb:c1:7e:a5:01:8f:91Signer

6a:45:bc:3c:d6:0b:6e:a8:ed:e7:47:f5:56:da:c3:c5:09:50:99:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 81KB - Virtual size: 80KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8d
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:b9:4d:c8:74:2a:0b:40:b3:ad:bb:5b:a9:da:9f:8d
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fe:af:3c:81:ff:86:5b:80:c5:7e:af:2a:ff:58:31:46:79:aa:b0:7f:0e:30:5d:e8:3e:fb:c1:7e:a5:01:8f:91
Signer

6a:45:bc:3c:d6:0b:6e:a8:ed:e7:47:f5:56:da:c3:c5:09:50:99:8a
Signer

.text
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B