General
Target: Quotation #01521.exe
Size: 816KB
Sample: 210105-nbpajjepkn
MD5: 73619a5f7eab7a80e0fbbd5c8493c9b4
SHA1: 84db67126574c21ef3233518452876ad123b4aa1
SHA256: 7a538b979c2a126fb287ed7bbb18ac55687273dfbac2c09de85f073c9bf5e3df
SHA512: b92f4239da62411edcbf2378e67e28a307752f1b55d5977527e83069630a5d9894bb4f7138473da42f183b6fc5cdcb334aff76805acbae6908b35ed8716940c4
Static task: static1
Behavioral task: behavioral1
Sample: Quotation #01521.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Quotation #01521.exe
Resource: win10v20201028
Malware Config
Extracted
revengerat
2021
chongmei33.myddns.rocks:57438
37.120.208.40:57438
RV_MUTEX-ITXZMONFueOciqX
Targets
Target: Quotation #01521.exe
Score: 10/10
RevengeRat Executable
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext