General
Target: c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5
Size: 158KB
Sample: 220319-vbhy2aebd7
MD5: 31a1ca812ea498de949a1fbf05fa6acc
SHA1: cfa6b8f13e9388a068f66614f1afb615112a3dc1
SHA256: c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5
SHA512: e076f2c1dfcced6a1b0798fb557d9af4a5b6d142a64f866c1dd36d497a4b1a765322faa392210ae704f5092c90067ddcd0104de79d7d83e59fa0ed0337e1b89f
Static task: static1
Behavioral task: behavioral1
Sample: c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: revengerat
000000000
C2:
github-58677.portmap.io:58677
github-58677.portmap.io:3333
anunankis1.duckdns.org:58677
anunankis1.duckdns.org:3333
anunankis10.duckdns.org:58677
anunankis10.duckdns.org:3333
Mutex: RV_MUTEX
Targets
Score: 10/10
- RevengeRat Executable
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext