Malicious

940946e310aedb47743b623901ab79ab

PE Executable | MD5: 940946e310aedb47743b623901ab79ab | Size: 14.85 KB | application/x-msdownload

Tags: RAT | LimeRevengeRat | Executable | PE (Portable Executable) | Win 32 Exe | x86 | .Net
Characteristics
Hash | Hash Value
MD5 | 940946e310aedb47743b623901ab79ab
Sha1 | f55a82da36b95b7cf1818751ce90441864a0e6b3
Sha256 | d095c56acd5ed2cecf9e33329586cb8e7caa2d7de9cf5fe79dccc92f50d94887
Sha384 | 67c5fef8a2900dcb0910b872d826b79e8a28188902ea98f2202320403ea751af2989d5fb8e020e6707e447e2d7152807
Sha512 | a4dd3731b8abc2ca1a2f5334db581e5385b0c23e45e444005687e67faa89537c8823ac9b79a237d47ba45ae3b7c6279f7abd5156229dde90d80be913e64d64a3
SSDeep | 192:X+8C+EKS0O9ejYTDG8bcp4Llh12nieXubWyD9JEBkGxVXxqoNZRJ8:XNVjYTDG8gp811eXTyD3Enx+oNO
TLSH | A8622A09B3EC0339C1BD07BC0DB242356371E5A79A62D71F1DD890FA8992BD55B60BE8

PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
Malware Configuration - LimeRevengeRAT config.
Config. Field | Value
Host | lua.ddns.com.br
Port | 5222
Id | TnlhbkNhdFJldmVuZ2U=
CurrentMutex | c0e76ddd3c574
Key | Revenge-RAT�
Splitter | !@#%^NYAN#!@$

Informations
Name | Value
Module Name | Client.exe
Full Name | Client.exe
EntryPoint | System.Void Lime.Program::Main()
Scope Name | Client.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v2.0.50727
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Client
Assembly Version | 0.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 60
Main Method | System.Void Lime.Program::Main()
Main IL Instruction Count | 25

Main IL (one instruction per line; branch targets are shown with the instruction they jump to):
  ldc.i4 2500
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldc.i4.1
  ldsfld System.String Lime.Settings.Config::currentMutex
  ldloca.s V_0
  newobj System.Void System.Threading.Mutex::.ctor(System.Boolean,System.String,System.Boolean&)
  stsfld System.Threading.Mutex Lime.Settings.Config::programMutex
  ldloc.0
  brtrue.s IL_0025: call System.Void Lime.Helper.PreventSleep::Run()
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  call System.Void Lime.Helper.PreventSleep::Run()
  ldsfld System.EventHandler Lime.Program::<>9__CachedAnonymousMethodDelegate1
  brtrue.s IL_0042: ldsfld System.EventHandler Lime.Program::<>9__CachedAnonymousMethodDelegate1
  ldnull
  ldftn System.Void Lime.Program::<Main>b__0(System.Object,System.EventArgs)
  newobj System.Void System.EventHandler::.ctor(System.Object,System.IntPtr)
  stsfld System.EventHandler Lime.Program::<>9__CachedAnonymousMethodDelegate1
  ldsfld System.EventHandler Lime.Program::<>9__CachedAnonymousMethodDelegate1
  call System.Void System.Windows.Forms.Application::add_ApplicationExit(System.EventHandler)
  leave.s IL_0051: call System.Void Lime.Connection.Client::Run()
  pop
  leave.s IL_0051: call System.Void Lime.Connection.Client::Run()
  call System.Void Lime.Connection.Client::Run()
  ret

Artefacts
Name | Value
CnC | lua.ddns.com.br
Port | 5222
Embedded Resources | 0
Suspicious Type Names (1-2 chars) | 0