revengerat | cd13ea6d49b909c9b85b67cb549755bfc3a0d2d4eb34a16cbb75ce6af3256691[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cd13ea6d49b909c9b85b67cb549755bfc3a0d2d4eb34a16cbb75ce6af3256691.exe
Size

31KB
MD5

1d3916d851e22b08adf4421bf31ddecc
SHA1

a1a45bb7b754c604c139470dbcf6a08e2f01a2c9
SHA256

cd13ea6d49b909c9b85b67cb549755bfc3a0d2d4eb34a16cbb75ce6af3256691
SHA512

00b2f4d78ab5a540b1eac5d596b4a839500f647dda06d8d37cd0ce46a4483aa89973569bdf2a7ea7050eafa8cc2dc8c775fccbc242b34d17c8e9b171619b954d
SSDEEP

384:IG2mnny19npjllT9oDPlMNcLlb5sVKFyn5Ctj4XuJZwtfXbMpBjSr8f0DBRJPWBo:IG2mnny19tfclMNE8otHw8w1Pmo

Score

10^/10

stealer guest revengerat

Malware Config

Extracted

Family

revengerat

Botnet

Guest

127.0.0.1:4444

127.0.0.1:1337

192.168.1.3:4444

192.168.1.3:1337

Mutex

RV_MUTEX

Signatures

RevengeRat Executable 1 IoCs
stealer

Processes:

resource yara_rule

sample revengerat
Revengerat family
revengerat

resource	yara_rule
sample	revengerat

Files

cd13ea6d49b909c9b85b67cb549755bfc3a0d2d4eb34a16cbb75ce6af3256691.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:01:0d:4b:e1:d4:0b:2c:ea:40:22:00:00:00:00:01:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:D082-4BFD-EEBA,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:5d:47:bb:9d:78:1c:f7:91:0c:00:01:00:00:00:5d
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-09-2018 20:38

Not After

06-09-2019 20:38

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0a:59:2b:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

11-02-2016 23:24

Not After

09-05-2021 23:28

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:c3:13:a0:85:c3:56:e2:99:d7:00:00:00:00:01:c3
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0c:e0:98:89:c5:ae:06:cf:14:94:a8:ae:cf:61:07:8f:2c:ad:b8:5e:7b:4b:8b:c4:fd:6b:e6:ed:09:9f:5a
Signer

Actual PE Digest

df:0c:e0:98:89:c5:ae:06:cf:14:94:a8:ae:cf:61:07:8f:2c:ad:b8:5e:7b:4b:8b:c4:fd:6b:e6:ed:09:9f:5a

Digest Algorithm

sha256

PE Digest Matches

false

be:a5:8c:af:e0:e7:12:44:46:5d:3d:57:9b:6b:44:0a:82:8a:58:bf
Signer

Actual PE Digest

be:a5:8c:af:e0:e7:12:44:46:5d:3d:57:9b:6b:44:0a:82:8a:58:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:01:0d:4b:e1:d4:0b:2c:ea:40:22:00:00:00:00:01:0dCertificate

Extended Key Usages

33:00:00:00:5d:47:bb:9d:78:1c:f7:91:0c:00:01:00:00:00:5dCertificate

Extended Key Usages

61:0a:59:2b:00:00:00:00:00:3bCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:c3:13:a0:85:c3:56:e2:99:d7:00:00:00:00:01:c3Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

df:0c:e0:98:89:c5:ae:06:cf:14:94:a8:ae:cf:61:07:8f:2c:ad:b8:5e:7b:4b:8b:c4:fd:6b:e6:ed:09:9f:5aSigner

be:a5:8c:af:e0:e7:12:44:46:5d:3d:57:9b:6b:44:0a:82:8a:58:bfSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:01:0d:4b:e1:d4:0b:2c:ea:40:22:00:00:00:00:01:0d
Certificate

33:00:00:00:5d:47:bb:9d:78:1c:f7:91:0c:00:01:00:00:00:5d
Certificate

61:0a:59:2b:00:00:00:00:00:3b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:c3:13:a0:85:c3:56:e2:99:d7:00:00:00:00:01:c3
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

df:0c:e0:98:89:c5:ae:06:cf:14:94:a8:ae:cf:61:07:8f:2c:ad:b8:5e:7b:4b:8b:c4:fd:6b:e6:ed:09:9f:5a
Signer

be:a5:8c:af:e0:e7:12:44:46:5d:3d:57:9b:6b:44:0a:82:8a:58:bf
Signer

.text
Size: 15KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B