| Field | Value |
|---|---|
| File name | Revenge-RAT v0.3.zip |
| Full analysis | https://app.any.run/tasks/a94cb07f-d964-42eb-9b24-1386e11c0b2d |
| Verdict | Malicious activity |
| Analysis date | January 25, 2022, 01:40:45 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 264C556A21E6BD714FABD6BF2D549AEA |
| SHA1 | 63A3AB88273C8EA9F763B41FD6B6D63C00F8CB41 |
| SHA256 | F040C6808BD01F2529E85503975BEC58183479EB96EB728904B22B55501F1083 |
| SSDEEP | 196608:9Q8xImKeFmUHxb252Rf+XyupB6BaBNJGjccPMhlk1sCDN2yy:O8xDx+2RmL6yHGjRMQCoUr |
| Attribute | Value |
|---|---|
| .zip | ZIP compressed archive (100) |
| ZipFileName | Revenge-RAT v0.3/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2017:09:03 05:40:21 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2604 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Revenge-RAT v0.3.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE |
| 3836 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
| 3472 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Revenge-RAT v0.3\Revenge-RAT v0.3\Revenge-RAT Client Source Code.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 2604 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
| 3836 | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft Windows Search Protocol Host | | 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) |
| 3472 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\1-00-29 PM.log | text | 96130BBAF9F6C9A50853EB11E87DA739 | DB793D5DC42F270D63F83E1F60A07960F456B4F9D05BB6FCE509E942B9ACC0F7 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\11-44-44 AM.log | text | 3F6594CB2CBD1FB60792FD14689ADB86 | 087E1D9EC13B9F1205ED6BDD7CACCBD3466F599C9EC6FFF574EBEEA5C8B97AD1 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\1-05-39 PM.log | text | FE0FAFC7B8954E96CDE20D0BE94939B7 | 6BBFA4874F07F35100BE289F0953E4004FC465948125512A443EE1EA08AF1302 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-08-15\9-38-45 .log | text | 4068629A0DC1CD2EDF90D0A50DB557D1 | E0E24B22ACD7D0F8A975D29FBCDB960449B2E8CBC0CE42BFE60A5A9730662336 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-06\3-16-33 PM.log | text | 4E2518A1AB7193103EF4E286643C7741 | 39E7B4B0562245D3E04929C0835796A5C350B9F3DA861EFC397DAAC96A414C24 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\11-45-59 AM.log | text | BBD57D374D460D109AD6CC895EB8C659 | 0D6FE558EDEB13BED9E92275D0D0F1A5E61FF482B9F46AE7ED20066DBAF56508 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\1-01-01 PM.log | text | 5037F3AC24F4A4E6FBF30C2AC06FD6C3 | 03AFB7ACBE47C74D2D832F1C3DDFE86D5A5C5C12F9F7BF9CE9E48692D94F7DA3 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-15\1-53-36 PM.log | text | 501A33D7CD1D3CD39FD2877F3E3C96CA | 0582B0B80E305B0E4B2C6D1AD6E2778C694651C4269CD2C6D6078A0D6F9B8BAA |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-11\3-55-07 PM.log | text | 5A33D023C3846E519DB801BC24D87AF1 | A033BD1E635ABF07CDB301ABF4BE521255E0A8A402B944E3AAC537DFC25BA807 |
| 2604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2604.1689\Revenge-RAT v0.3\Revenge-RAT v0.3\Database\2017-09-02\1-12-29 PM.log | text | AFC337DB6050AA092B2A33CB8649DEC9 | 27203EC223088841BE4561ECB743F70EC083D8BBEE063C77D792135DD9FF6E8A |