General
-
Target
70a50fac81ba4867e190e5aa600db3f849f87da0804bd670e184b665bb86ee87
-
Size
8.3MB
-
Sample
220315-t23wfsddh8
-
MD5
c25411c67aa30dbe53f157a411818426
-
SHA1
396ad9485cccba77f91a84b9d5b6356bb728d19b
-
SHA256
70a50fac81ba4867e190e5aa600db3f849f87da0804bd670e184b665bb86ee87
-
SHA512
ad36da1c23602299696e5a44d3a193ff8c29be2e73708bbbded6ae321da8de1dbdfd204279153eb19c7505a3c3f80a7334f85b261ac039c8e6153120ec096121
Static task
static1
Behavioral task
behavioral1
Sample
70a50fac81ba4867e190e5aa600db3f849f87da0804bd670e184b665bb86ee87.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
70a50fac81ba4867e190e5aa600db3f849f87da0804bd670e184b665bb86ee87.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
https://www.minpic.de/k/b7d6/44dea/
Extracted
https://www.minpic.de/k/b7d4/1jepll/
Extracted
revengerat
Guest
185.25.50.196:64537
RV_MUTEX-pnFwUnoWrUUgHRH
Targets
Score
10/10
-
RevengeRat Executable
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-