revengerat | 51c7f171a9d281863968bbb23445398d9a2285a094b8d204d5ac2efda7e23738

Analysis

max time kernel
140s
max time network
150s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
10-01-2025 13:32

Target

JaffaCakes118_e5815370f9ee53658b44517b23d1b50f.exe
Size

31KB
MD5

e5815370f9ee53658b44517b23d1b50f
SHA1

f7a8135350750dfb57326408ec8d8e923225f8ef
SHA256

51c7f171a9d281863968bbb23445398d9a2285a094b8d204d5ac2efda7e23738
SHA512

6c6a430b48fc9baa156b02f94385177d8b3f44192816221891300f6f752dcad4f158e8a73e8a889702a02746f9af0874e2807f9ebd358e98c39b948567ab121a
SSDEEP

768:8SgW1Fbzu/t8I1J//VRPKLsStY/PXdEtOn4hC3b:8Sl8yIL3VRPK1CtT

Score

10^/10

revengerat trojan

Family

revengerat

Mutex

RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Revengerat family
revengerat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2604	JaffaCakes118_e5815370f9ee53658b44517b23d1b50f.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5815370f9ee53658b44517b23d1b50f.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5815370f9ee53658b44517b23d1b50f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2604

memory/2604-0-0x000007FEF58EE000-0x000007FEF58EF000-memory.dmp

Filesize
4KB

Download
memory/2604-1-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2604-2-0x0000000000260000-0x0000000000268000-memory.dmp

Filesize
32KB

Download
memory/2604-3-0x000007FEF5630000-0x000007FEF5FCD000-memory.dmp

Filesize
9.6MB

Download
memory/2604-4-0x000007FEF5630000-0x000007FEF5FCD000-memory.dmp

Filesize
9.6MB

Download
memory/2604-5-0x000007FEF58EE000-0x000007FEF58EF000-memory.dmp

Filesize
4KB

Download
memory/2604-6-0x000007FEF5630000-0x000007FEF5FCD000-memory.dmp

Filesize
9.6MB

Download