General
-
Target
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e
-
Size
6.6MB
-
Sample
220312-ask5hadcc5
-
MD5
dc70508f10ea72c1ad810c72b179bf28
-
SHA1
5c7ef633b20ad47c1a9967a181ebf42a5094c07d
-
SHA256
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e
-
SHA512
8dc1d9ef4c4b9b4fef91c55734a0e813b1a8a4582fab36b7b52c3b2c0d217a25dce3dbc1d364d438766c1fa8fc1f64498c2f779848a5208f2ea7ce06ed43f06b
Static task
static1
Behavioral task
behavioral1
Sample
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e
-
Size
6.6MB
-
MD5
dc70508f10ea72c1ad810c72b179bf28
-
SHA1
5c7ef633b20ad47c1a9967a181ebf42a5094c07d
-
SHA256
aafc181ac5fa1474722cc4556bc2797773cea719caad63f7f6fcc23bac27db2e
-
SHA512
8dc1d9ef4c4b9b4fef91c55734a0e813b1a8a4582fab36b7b52c3b2c0d217a25dce3dbc1d364d438766c1fa8fc1f64498c2f779848a5208f2ea7ce06ed43f06b
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-