General
-
Target
ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
-
Size
8.0MB
-
Sample
220316-zc89tsgbh4
-
MD5
45df7cac0ed5b81ab9ce28a44a60a132
-
SHA1
e879b5ffd2d9f79be12472395130a0b67c12e13e
-
SHA256
ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
-
SHA512
6456c1d821031c3e090f1a6c807da61b639306ef64c6d0b233cc5770ea4a0280ebca19c9f3dbaf4b74f717a6237a2b744cfab851075ad9e5cb168fda01428086
Malware Config
Extracted
https://www.minpic.de/k/b7d6/44dea/
Extracted
https://www.minpic.de/k/b7d4/1jepll/
Extracted
revengerat
Guest
185.25.50.196:64537
RV_MUTEX-pnFwUnoWrUUgHRH
Targets
-
-
Target
ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
-
Size
8.0MB
-
MD5
45df7cac0ed5b81ab9ce28a44a60a132
-
SHA1
e879b5ffd2d9f79be12472395130a0b67c12e13e
-
SHA256
ba5821b52acfddb0094f6746a88a99b3fd5152cbec21d05bac8611a0921052f7
-
SHA512
6456c1d821031c3e090f1a6c807da61b639306ef64c6d0b233cc5770ea4a0280ebca19c9f3dbaf4b74f717a6237a2b744cfab851075ad9e5cb168fda01428086
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Blocklisted process makes network request
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-