General

  • Target

    dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93N.exe

  • Size

    2.1MB

  • MD5

    0083bb621656471496f60d1973318730

  • SHA1

    2d0209b0f14a8279efd85589dfb33b9b31fab77e

  • SHA256

    dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93

  • SHA512

    178833c13dee9466e2c8123280fb203c07b13831b1711d4687ce8495c28f1160c7a893c9a5d6a6874d6f44c1c21e5fb571221824248f13f9bfc3f08f61f3d28e

  • SSDEEP

    49152:PhxkP/I9K3pr4ZCOz5xLmKot5C7UzaxVlHAlImt4+O5XK2v0uV+g:AoQ3V4IGxLmKK4PA6E1GXzM4

Score
10/10

Signatures

  • RevengeRat Executable (1 IoC)
  • Revengerat family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • dba8e948206d56025bdbf1471cf7a2defc33fbc2bbde0c5634361d661d67ab93N.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


  • $PLUGINSDIR/SimpleSC.dll
    .dll windows:4 windows x86 arch:x86


  • ETConnectServer.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • ETConnectService.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • bin/License.txt
  • bin/MSLogonACL.exe
    .exe windows:5 windows x86 arch:x86

    adb7e2a43f09a9a47cd056b7e69408d7


  • bin/MSRC4Plugin.dsm
    .dll windows:5 windows x86 arch:x86

    87ecc1229750c6f9f8206cf2270f58cd


  • bin/Readme.txt
  • bin/SCHook.dll
    .dll windows:5 windows x86 arch:x86

    6a8046303500a80b7a2bd93c47a1e418


  • bin/SecureVNCPlugin.dsm
    .dll windows:5 windows x86 arch:x86

    8779dd3e59d852b27345450887f9edad


  • bin/Whatsnew.txt
  • bin/authSSP.dll
    .dll windows:5 windows x86 arch:x86

    fb11703074f70d332823f83f3261de88


  • bin/authadmin.dll
    .dll windows:5 windows x86 arch:x86

    0ec295e6451db3ac014343423549eb14


  • bin/ldapauth.dll
    .dll windows:5 windows x86 arch:x86

    902a55c162fcc3a0025c09edf13b4ca8


  • bin/logging.dll
    .dll windows:5 windows x86 arch:x86

    3abf84a18a952d49be459708bf1a7210


  • bin/logmessages.dll
    .dll windows:5 windows x86 arch:x86


  • bin/uninstall.exe.nsis
  • bin/uvnc_settings.exe
    .exe windows:5 windows x64 arch:x64

    1a6402e2266eaae456c5566ee52340bb


  • bin/vnchooks.dll
    .dll windows:5 windows x86 arch:x86

    7f4da8771da8c562b29ae36a80f3a6f1


  • bin/vncviewer.exe
    .exe windows:5 windows x86 arch:x86

    fbe336288959a09e46bef680a6c965b2


  • bin/winvnc.exe
    .exe windows:5 windows x86 arch:x86

    b290519c0b799d4eac4125ed9d41f186


  • bin/workgrpdomnt4.dll
    .dll windows:5 windows x86 arch:x86

    c13b42306ca4346ef56bf678970ff101

