General

Target: 56f35b4b99a1cce723b70a146df402a3
Size: 268KB
Sample: 201214-2bm5ksdqvs
MD5: 56f35b4b99a1cce723b70a146df402a3
SHA1: 1e10ce79734ce11391965bd29d4fa911f9578550
SHA256: 1e391dfa8394aa88e5ba9fead3b9486a9af0e160346c71f9c61bf0e11188f5fe
SHA512: aa5dfb9d10dc233ebb3d87fa113b57c4a69bc99e5b74dc170217a70244efa5935e77ca0dc6defe5b19b9addc99ab4c1870a6eeb0a839411831837d6e01b1e0cd
Tasks

Static task: static1
Behavioral task: behavioral1 (sample 56f35b4b99a1cce723b70a146df402a3.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample 56f35b4b99a1cce723b70a146df402a3.exe, resource win10v20201028)
Malware Config

Extracted configuration (family: revengerat)
Botnet/campaign ID: xzim
C2: xzim.ddns.net:4444
Mutex: RV_MUTEX-UClgZblRvZwfR
Targets

Target: 56f35b4b99a1cce723b70a146df402a3 (268KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- RevengeRat Executable
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
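The extracted configuration and the behavioural signatures above are directly usable as detection input. The following is an added example (not code from the sandbox report) that turns the report's C2 string, mutex and signatures into checks over Sysmon-style process-create, network-connect and registry-set events. It assumes that the "Uses the VBS compiler for execution" signature refers to vbc.exe; the event records, every file path and the Run value name are constructed for the example and do not come from the report's trace.

```python
"""Added example, not part of the sandbox report: match the RevengeRAT
configuration and signatures from the report against Sysmon-style events.

Assumptions (also stated in the lead-in):
- "Uses the VBS compiler for execution" refers to vbc.exe;
- EVENTS is a constructed stand-in for Sysmon Event IDs 1 (process create),
  3 (network connection) and 13 (registry value set);
- every file path and the Run value name below are invented.
"""
from __future__ import annotations

# Values copied from the Malware Config section of the report.
CONFIG = {
    "family": "revengerat",
    "botnet": "xzim",
    "c2": "xzim.ddns.net:4444",
    "mutex": "RV_MUTEX-UClgZblRvZwfR",
}
SAMPLE_NAME = "56f35b4b99a1cce723b70a146df402a3.exe"  # from the report

# Case-insensitive marker for a value written under a ...\CurrentVersion\Run key.
RUN_KEY_MARKER = "\\currentversion\\run\\"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the 'host:port' C2 string from the config into (host, port)."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host.lower(), int(port)


def basename(path: str) -> str:
    """Lower-cased final path component of a Windows path ('' for '')."""
    return path.rsplit("\\", 1)[-1].lower()


# Constructed events; paths are invented for the example.
SAMPLE_PATH = r"C:\Users\user\Desktop\56f35b4b99a1cce723b70a146df402a3.exe"
VBC_PATH = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
EVENTS = [
    {"id": 1, "image": SAMPLE_PATH, "parent": r"C:\Windows\explorer.exe"},
    {"id": 13, "image": SAMPLE_PATH,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": SAMPLE_PATH},
    {"id": 1, "image": VBC_PATH, "parent": SAMPLE_PATH},
    {"id": 3, "image": VBC_PATH, "dest_host": "xzim.ddns.net", "dest_port": 4444},
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "dest_port": 443},
]


def detect(events: list[dict], config: dict = CONFIG,
           sample_name: str = SAMPLE_NAME) -> list[tuple[str, dict]]:
    """Return (signature, event) pairs in event order.

    Signature names follow the report where one applies; the C2 match is
    named here because the report lists the C2 under Malware Config, not as
    a signature.
    """
    host, port = parse_c2(config["c2"])
    findings: list[tuple[str, dict]] = []
    for ev in events:
        if ev["id"] == 3:
            if ev["dest_host"].lower() == host and ev["dest_port"] == port:
                findings.append(("RevengeRat C2 connection", ev))
        elif ev["id"] == 13:
            if RUN_KEY_MARKER in ev["target"].lower():
                findings.append(("Adds Run key to start application", ev))
        elif ev["id"] == 1:
            # Only children of the sample itself are of interest here.
            if basename(ev.get("parent", "")) == sample_name.lower():
                if basename(ev["image"]) == "vbc.exe":
                    findings.append(("Uses the VBS compiler for execution", ev))
                else:
                    findings.append(("Executes dropped EXE (child of sample)", ev))
    return findings


if __name__ == "__main__":
    for sig, ev in detect(EVENTS):
        print(f"{sig}: {ev.get('image', '')}")
```

The C2 match deliberately ignores which process made the connection, so that a hollowed host process (a compiler reaching out on port 4444, as here) is still caught; the mutex in CONFIG is kept alongside the other indicators so the same dictionary can feed a host-side sweep, since it does not appear in Sysmon events.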