Malware Analysis Report

2025-04-14 05:11

Sample ID 250111-esw9zstjbz
Target 88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe
SHA256 88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a
Tags
stealer spam revengerat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a

Threat Level: Known bad

The file 88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe was found to be: Known bad.

Malicious Activity Summary

stealer spam revengerat

RevengeRat Executable

Revengerat family

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-01-11 04:12

Signatures

RevengeRat Executable

stealer
Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Revengerat family

revengerat

Unsigned PE

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-11 04:12

Reported

2025-01-11 04:15

Platform

win7-20241010-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe

"C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe"

Network

N/A

Files

memory/2260-0-0x000007FEF628E000-0x000007FEF628F000-memory.dmp

memory/2260-1-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

memory/2260-2-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

memory/2260-3-0x000007FEF628E000-0x000007FEF628F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-11 04:12

Reported

2025-01-11 04:15

Platform

win10v2004-20241007-en

Max time kernel

135s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe

"C:\Users\Admin\AppData\Local\Temp\88271db3546e63f0b5a769299165d230df7794aea1871f392cef9c074a068e9a.exe"

Network

Country    Destination    Domain                             Proto
US         8.8.8.8:53     154.239.44.20.in-addr.arpa         udp
US         8.8.8.8:53     60.153.16.2.in-addr.arpa           udp
US         8.8.8.8:53     14.160.190.20.in-addr.arpa         udp
US         8.8.8.8:53     95.221.229.192.in-addr.arpa        udp
US         8.8.8.8:53     133.211.185.52.in-addr.arpa        udp
US         8.8.8.8:53     212.20.149.52.in-addr.arpa         udp
US         8.8.8.8:53     18.31.95.13.in-addr.arpa           udp
US         8.8.8.8:53     14.227.111.52.in-addr.arpa         udp
US         8.8.8.8:53     201.64.52.20.in-addr.arpa          udp

Files

memory/764-0-0x00007FFA36B75000-0x00007FFA36B76000-memory.dmp

memory/764-2-0x000000001BB60000-0x000000001C02E000-memory.dmp

memory/764-1-0x00007FFA368C0000-0x00007FFA37261000-memory.dmp

memory/764-3-0x000000001C0E0000-0x000000001C186000-memory.dmp

memory/764-4-0x000000001C2A0000-0x000000001C302000-memory.dmp

memory/764-5-0x00007FFA368C0000-0x00007FFA37261000-memory.dmp

memory/764-6-0x00007FFA36B75000-0x00007FFA36B76000-memory.dmp

memory/764-7-0x00007FFA368C0000-0x00007FFA37261000-memory.dmp