General
- Target: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06
- Size: 162KB
- Sample: 220219-k2vemsbbhj
- MD5: c3c90a58ff247a052529de56f29ecf3c
- SHA1: aa62c39357984dfa208c1ff7a0b76dc200c37b4d
- SHA256: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06
- SHA512: 6427d3abddaf44ce8d11fe686cfdf3d0fddfe9c910da406416da646aaf172d4514dbbd1419b8c2ea6fce13c538beee22b8c46adb6a4360c4d3626ba65f9d02f3
Static task: static1

Behavioral task: behavioral1
- Sample: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06.vbs
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06.vbs
- Resource: win10v2004-en-20220112
Malware Config
Extracted: revengerat
- Client: kimjoy.ddns.net:6699
- S1NTYL5X286LOEH
Targets
- Target: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06
- Size: 162KB
- MD5: c3c90a58ff247a052529de56f29ecf3c
- SHA1: aa62c39357984dfa208c1ff7a0b76dc200c37b4d
- SHA256: af4bb34b486434d235ff70d344e3fa4e6d56a83705e1cc288efe219edceded06
- SHA512: 6427d3abddaf44ce8d11fe686cfdf3d0fddfe9c910da406416da646aaf172d4514dbbd1419b8c2ea6fce13c538beee22b8c46adb6a4360c4d3626ba65f9d02f3
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext