General

Target: 14a8b1172f7f0d8cf9bc6fe3aa20f1700170b7e3ea280e85659a72099333e561
Size: 74KB
Sample: 220219-k3lh5abcak
MD5: 590f345e2c9714dabfb2944aa79e7c5f
SHA1: 44050c1021c42197d9ce085d7cec9a395d4a9fcc
SHA256: 14a8b1172f7f0d8cf9bc6fe3aa20f1700170b7e3ea280e85659a72099333e561
SHA512: c5c65ffc313dca8ce9aa82ee873847787ca0c725f240c2a83aac2328cca6450a5df4b57ee08419f87dd06370e811d6b70f7225800fc94311075670f7c1f9244f
Static task: static1

Behavioral task: behavioral1
  Sample: 14a8b1172f7f0d8cf9bc6fe3aa20f1700170b7e3ea280e85659a72099333e561.vbs
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 14a8b1172f7f0d8cf9bc6fe3aa20f1700170b7e3ea280e85659a72099333e561.vbs
  Resource: win10v2004-en-20220113
Malware Config

Extracted: https://pastebin.com/raw/qZMWnhpc

Extracted: revengerat
  Client: kimjoy.ddns.net:2021
  RXQLV8XYTDNHNSA
Targets
Target: 14a8b1172f7f0d8cf9bc6fe3aa20f1700170b7e3ea280e85659a72099333e561 (74KB; same sample and hashes as listed under General)
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext