Malware Analysis Report

2025-04-14 05:12

Sample ID 250104-er63ss1key
Target JaffaCakes118_778c3834a17f5a5cecabf2ac83518700
SHA256 f279b8dc49b6b7c1e56efe283edf150ede3c7ffe24777d9709768ed5f4c7f945
Tags
stealer revengerat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f279b8dc49b6b7c1e56efe283edf150ede3c7ffe24777d9709768ed5f4c7f945

Threat Level: Known bad

The file JaffaCakes118_778c3834a17f5a5cecabf2ac83518700 was found to be: Known bad.

Malicious Activity Summary

stealer revengerat

RevengeRat Executable

Revengerat family

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-01-04 04:11

Signatures

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Revengerat family

revengerat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-04 04:11

Reported

2025-01-04 04:14

Platform

win7-20240903-en

Max time kernel

118s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe"

Network

N/A

Files

memory/1624-0-0x000007FEF683E000-0x000007FEF683F000-memory.dmp

memory/1624-1-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

memory/1624-2-0x000007FEF6580000-0x000007FEF6F1D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-04 04:11

Reported

2025-01-04 04:14

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_778c3834a17f5a5cecabf2ac83518700.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/1196-0-0x00007FFE01305000-0x00007FFE01306000-memory.dmp

memory/1196-1-0x00007FFE01050000-0x00007FFE019F1000-memory.dmp

memory/1196-2-0x000000001C0A0000-0x000000001C56E000-memory.dmp

memory/1196-3-0x000000001C620000-0x000000001C6C6000-memory.dmp

memory/1196-4-0x000000001C7B0000-0x000000001C84C000-memory.dmp

memory/1196-5-0x00000000017E0000-0x00000000017E8000-memory.dmp

memory/1196-6-0x00007FFE01050000-0x00007FFE019F1000-memory.dmp

memory/1196-8-0x00007FFE01050000-0x00007FFE019F1000-memory.dmp