General
-
Target
5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
-
Size
54KB
-
Sample
220415-bb1djaaec9
-
MD5
3bcbc6677190cc3222409e1ebc17fd94
-
SHA1
d214dfe5cc5aa2ac3400d9ae2c77ae0186f0e60e
-
SHA256
5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
-
SHA512
13b609b13dadc6a423313ed958041534d4cb6ca28fb3011ed76cdd006835cecbaac55c7af048b361400b90a157182d5914d1fc0f4c39a526f21c2e0bea3b5974
Static task
static1
Behavioral task
behavioral1
Sample
5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
DP
akkaibalol-31403.portmap.host:31403
RV_MUTEX-flgZblRvZwfRtN
Targets
-
-
Target
5211a46ac100bb4e5bbf98c0e2ee7b373df6d90090936a003e6c843313bb9655
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-