General
-
Target
5b5255c6f73275be042f41567681153584385c36eb98ab0dfc9b4aac9c3ee997
-
Size
943KB
-
Sample
220515-z7l3saabcl
-
MD5
0c2f6990335ab2e2593fa2426b41bdb9
-
SHA1
96c6a1d912373cd9d493619f19363da0c3efb792
-
SHA256
5b5255c6f73275be042f41567681153584385c36eb98ab0dfc9b4aac9c3ee997
-
SHA512
8e8914384d009cc5f7dccae38d57877f9152227839b0ccd2e2a70b02848fbda744704b4978976f91c30ca336fe9793c75fd56a2b09a883d531b48fc88db87b43
Static task
static1
Behavioral task
behavioral1
Sample
5b5255c6f73275be042f41567681153584385c36eb98ab0dfc9b4aac9c3ee997.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
5b5255c6f73275be042f41567681153584385c36eb98ab0dfc9b4aac9c3ee997.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
Guest
ournewcompany2.hopto.org:333
RV_MUTEX
Targets
Target
5b5255c6f73275be042f41567681153584385c36eb98ab0dfc9b4aac9c3ee997
Score
10/10
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-