Source: kHCaZ06n23.exe, type: SAMPLE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.0.kHCaZ06n23.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 1.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 8.2.SecurityHealthService.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.2.kHCaZ06n23.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.2.kHCaZ06n23.exe.3667e00.1.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 10.0.aspnet_compiler.exe.630000.1.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.2.kHCaZ06n23.exe.3667e00.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 10.2.aspnet_compiler.exe.630000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 10.0.aspnet_compiler.exe.630000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 8.0.SecurityHealthService.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 8.2.SecurityHealthService.exe.3707e00.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 8.2.SecurityHealthService.exe.3707e00.1.unpack, type: UNPACKEDPE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000001.00000002.264317494.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0000000A.00000002.294042938.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000008.00000002.268787538.0000000003707000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000000.00000000.251968084.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000008.00000000.263805408.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0000000A.00000000.269181851.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0000000A.00000000.269763706.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000008.00000002.267001553.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000001.00000003.259287377.000000000113F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000000.00000002.254412755.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000000.00000002.255142100.0000000003667000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: Process Memory Space: SecurityHealthService.exe PID: 6868, type: MEMORYSTR | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: Process Memory Space: aspnet_compiler.exe PID: 6972, type: MEMORYSTR | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe, type: DROPPED | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe, type: DROPPED | Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: kHCaZ06n23.exe, type: SAMPLE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0.0.kHCaZ06n23.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 1.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 8.2.SecurityHealthService.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0.2.kHCaZ06n23.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0.2.kHCaZ06n23.exe.3667e00.1.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 10.0.aspnet_compiler.exe.630000.1.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0.2.kHCaZ06n23.exe.3667e00.1.raw.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 10.2.aspnet_compiler.exe.630000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 10.0.aspnet_compiler.exe.630000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 8.0.SecurityHealthService.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 8.2.SecurityHealthService.exe.3707e00.1.raw.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 8.2.SecurityHealthService.exe.3707e00.1.unpack, type: UNPACKEDPE | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000001.00000002.264317494.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0000000A.00000002.294042938.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000008.00000002.268787538.0000000003707000.00000004.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000000.00000000.251968084.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000008.00000000.263805408.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0000000A.00000000.269181851.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 0000000A.00000000.269763706.0000000000632000.00000020.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000008.00000002.267001553.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000001.00000003.259287377.000000000113F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000000.00000002.254412755.0000000000402000.00000020.00020000.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: 00000000.00000002.255142100.0000000003667000.00000004.00000001.sdmp, type: MEMORY | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: Process Memory Space: aspnet_compiler.exe PID: 6504, type: MEMORYSTR | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: Process Memory Space: SecurityHealthService.exe PID: 6868, type: MEMORYSTR | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: Process Memory Space: aspnet_compiler.exe PID: 6972, type: MEMORYSTR | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe, type: DROPPED | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe, type: DROPPED | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |
Source: unknown | Process created: C:\Users\user\Desktop\kHCaZ06n23.exe 'C:\Users\user\Desktop\kHCaZ06n23.exe' | |
Source: C:\Users\user\Desktop\kHCaZ06n23.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe' /noconfig @'C:\Users\user\AppData\Local\Temp\ftffrmrs\ftffrmrs.cmdline' | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Users\user\AppData\Roaming\SecurityHealthService.exe 'C:\Users\user\AppData\Roaming\SecurityHealthService.exe' | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD3BA.tmp' 'C:\Users\user~1\AppData\Local\Temp\vbc6CC564E8AA1E43828C3D8B1FF2C4435.TMP' | |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 188 | |
Source: C:\Windows\System32\conhost.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\kHCaZ06n23.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe' /noconfig @'C:\Users\user\AppData\Local\Temp\ftffrmrs\ftffrmrs.cmdline' | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Users\user\AppData\Roaming\SecurityHealthService.exe 'C:\Users\user\AppData\Roaming\SecurityHealthService.exe' | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD3BA.tmp' 'C:\Users\user~1\AppData\Local\Temp\vbc6CC564E8AA1E43828C3D8B1FF2C4435.TMP' | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Jump to behavior |
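The rows above carry two things a detection engineer wants to pull out of a sandbox report automatically: the Yara rule metadata (rule name, author, reference hashes) and the parent/child process chain, which here shows kHCaZ06n23.exe starting aspnet_compiler.exe with no arguments, that process dropping and starting SecurityHealthService.exe from AppData\Roaming, and the dropped copy starting aspnet_compiler.exe again. The following Python is an added example, not part of the report or of the Yara rule set it cites. It parses rows in the layout shown above (a handful of them are copied in as constructed sample input), groups Yara hits by rule, and applies three analyst-chosen heuristics to the process events: a .NET Framework utility launched with no arguments by a parent outside the Framework directory, any executable run from a user's AppData\Roaming folder, and a binary named like the Windows Security Health Service (SecurityHealthService.exe, which legitimately lives in C:\Windows\System32) running from elsewhere. The hollowing-target list, the service-name list and the finding labels are assumptions for this example.

```python
"""Parse Joe-Sandbox-style report rows: Yara hits and process-creation events."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: rows copied from the report above, same layout.
REPORT_LINES = [
    r"Source: kHCaZ06n23.exe, type: SAMPLE | Matched rule: Detects RevengeRAT malware Author: Florian Roth |",
    r"Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe, type: DROPPED | Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2020-07-27 |",
    r"Source: unknown | Process created: C:\Users\user\Desktop\kHCaZ06n23.exe 'C:\Users\user\Desktop\kHCaZ06n23.exe' | |",
    r"Source: C:\Users\user\Desktop\kHCaZ06n23.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | |",
    r"Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe' /noconfig @'C:\Users\user\AppData\Local\Temp\ftffrmrs\ftffrmrs.cmdline' | |",
    r"Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | Process created: C:\Users\user\AppData\Roaming\SecurityHealthService.exe 'C:\Users\user\AppData\Roaming\SecurityHealthService.exe' | |",
    r"Source: C:\Users\user\AppData\Roaming\SecurityHealthService.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | |",
]

# "Source: <src> | <kind>: <value> |" ; the value runs up to the next pipe.
ROW_RE = re.compile(r"^Source:\s*(?P<source>.*?)\s*\|\s*(?P<kind>Matched rule|Process created):\s*(?P<value>.*?)\s*\|")
# "key = value" pairs separated by ", " inside the Yara metadata string.
META_RE = re.compile(r"(\w+)\s*=\s*(.*?)(?=,\s*\w+\s*=|$)")

# Assumptions for this example (analyst-chosen, extend as needed):
DOTNET_DIR = r"c:\windows\microsoft.net\framework"   # legit home of aspnet_compiler.exe
SYSTEM32 = r"c:\windows\system32"                    # legit home of SecurityHealthService.exe
HOLLOW_TARGETS = {"aspnet_compiler.exe"}             # argument-less launch = likely hollowing host
SYSTEM_NAMES = {"securityhealthservice.exe"}         # names only expected under System32


def parse_row(line):
    """Split one report row into source, source_type, kind and value (None if not a row)."""
    m = ROW_RE.match(line)
    if not m:
        return None
    row = m.groupdict()
    src, _, stype = row["source"].partition(", type: ")
    row["source"], row["source_type"] = src, stype or None
    return row


def parse_yara_match(value):
    """Return (rule_name, metadata dict). Rows without 'k = v' metadata keep the whole text as name."""
    name, _, rest = value.partition(" ")
    if "=" not in rest:
        return value, {}
    return name, {k: v.strip() for k, v in META_RE.findall(rest)}


def summarize_yara(rows):
    """Group Yara hits by rule: which sources matched, plus merged rule metadata."""
    by_rule = defaultdict(lambda: {"sources": set(), "meta": {}})
    for r in rows:
        if r["kind"] != "Matched rule":
            continue
        name, meta = parse_yara_match(r["value"])
        by_rule[name]["sources"].add(r["source"])
        by_rule[name]["meta"].update(meta)
    return dict(by_rule)


def reference_hashes(summary, rule):
    """Sorted SHA-256 reference hashes (hash, hash1, hash2, ...) recorded in the rule metadata."""
    return sorted(v for k, v in summary[rule]["meta"].items() if re.fullmatch(r"hash\d*", k))


def analyse_process_events(rows):
    """Apply the three heuristics to 'Process created' rows; returns (label, parent, child_image)."""
    findings = []
    for r in rows:
        if r["kind"] != "Process created":
            continue
        parent = r["source"]
        # Image paths in this report contain no spaces, so the image ends at the first space.
        image, _, cmdline = r["value"].partition(" ")
        child = PureWindowsPath(image)
        child_name, child_dir = child.name.lower(), str(child.parent).lower()
        parent_dir = str(PureWindowsPath(parent).parent).lower()
        bare_launch = cmdline.strip().strip("'\"").lower() == image.lower()
        # 1. Framework utility started with no arguments by a non-Framework parent.
        if child_name in HOLLOW_TARGETS and bare_launch and not parent_dir.startswith(DOTNET_DIR):
            findings.append(("hollow-target", parent, image))
        # 2. Anything executed out of a roaming profile directory.
        if r"\appdata\roaming\\"[:-1] in str(child).lower():
            findings.append(("appdata-roaming-exec", parent, image))
        # 3. Windows service binary name used outside System32.
        if child_name in SYSTEM_NAMES and child_dir != SYSTEM32:
            findings.append(("masquerade", parent, image))
    return findings


if __name__ == "__main__":
    rows = [r for r in map(parse_row, REPORT_LINES) if r]
    for rule, info in summarize_yara(rows).items():
        print(rule, "->", len(info["sources"]), "source(s), hashes:", reference_hashes({rule: info}, rule))
    for label, parent, image in analyse_process_events(rows):
        print(f"[{label}] {parent} -> {image}")
```

On the seven sample rows this yields one hit for each of the two rule rows and four process findings: the two argument-less launches of aspnet_compiler.exe (from the Desktop sample and from the dropped copy) and, for the dropped SecurityHealthService.exe, both the roaming-profile and the name-masquerade labels. Run against the full row set from a report, the same functions give a per-rule view of which memory dumps, unpacked PEs and dropped files matched, and a ready list of parent/child pairs to turn into EDR hunting queries.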