General
-
Target
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298
-
Size
38KB
-
Sample
220219-kznt3sabc8
-
MD5
0d16eafc2062d62ca907d9173306297e
-
SHA1
8c276ce7589c6fe757206ba932fc8f15865869c1
-
SHA256
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298
-
SHA512
1190ddc702ca46931a7e08aa0c0aeee59ba2f948cfc1301797e7400236f0cd30ed341fddb3f67105aafcba40b2cd710bb8244833ffdb92eb51724a4b4057b480
Static task
static1
Behavioral task
behavioral1
Sample
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298.vbs
Resource
win10v2004-en-20220113
Malware Config
Extracted
https://pastebin.com/raw/8AjnXrD3
Extracted
revengerat
Client
kimjoy.ddns.net:2021
RXQLV8XYTDNHNSA
Targets
-
-
Target
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298
-
Size
38KB
-
MD5
0d16eafc2062d62ca907d9173306297e
-
SHA1
8c276ce7589c6fe757206ba932fc8f15865869c1
-
SHA256
36884fba5e03e2bda056c5345d1e9e2af3d72860c116b0110c9a845fbeb68298
-
SHA512
1190ddc702ca46931a7e08aa0c0aeee59ba2f948cfc1301797e7400236f0cd30ed341fddb3f67105aafcba40b2cd710bb8244833ffdb92eb51724a4b4057b480
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-