General
-
Target
f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260
-
Size
458KB
-
Sample
220219-kzx3raabd4
-
MD5
19a61aa2ec75f1708f03c8087d2c896f
-
SHA1
ba5e80d5e7bd659629a1ff6315f6826666602bc7
-
SHA256
f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260
-
SHA512
eed10f44eb45921f27f4a9733e71302cd70b3d5209ccb2696b99fdce10a415f04b489bdad30b5d80311d4f6ee09d9833d8d2e92c981a3ea33784c4202ef65694
Static task
static1
Behavioral task
behavioral1
Sample
f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260.vbs
Resource
win10v2004-en-20220112
Malware Config
Extracted
revengerat
Client
kimjoy.ddns.net:6699
S1NTYL5X286LOEH
Targets
-
Target
f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-