General
-
Target
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e
-
Size
17KB
-
Sample
220520-enlyfsbhap
-
MD5
4a1e9090a6a6bc9dda8706d35e5ef027
-
SHA1
8f8a66cb388f0ed59c46c3bc23c95c6724b8c2be
-
SHA256
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e
-
SHA512
961e334b79d36a781f732f6e4116d84b99d7fb2063e94bd901d42a092d664141e59ff4d7cade49d848ee16cd5be8bba3e849c9a12b8c24469e5a7aa264cfd33a
Static task
static1
Behavioral task
behavioral1
Sample
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
Guest
0.tcp.ngrok.io:17455
RV_MUTEX-iYAoBLOacwYd
Targets
-
-
Target
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e
-
Size
17KB
-
MD5
4a1e9090a6a6bc9dda8706d35e5ef027
-
SHA1
8f8a66cb388f0ed59c46c3bc23c95c6724b8c2be
-
SHA256
fd9f4bc99e7a969551c859d3da5dfd6c4151a20c9663619a4b14be7958c34e0e
-
SHA512
961e334b79d36a781f732f6e4116d84b99d7fb2063e94bd901d42a092d664141e59ff4d7cade49d848ee16cd5be8bba3e849c9a12b8c24469e5a7aa264cfd33a
Score10/10-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-