General
-
Target
5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
-
Size
110KB
-
Sample
220520-enpz4shbd3
-
MD5
e8803432a8c66bd6dccfdcc66135c5c6
-
SHA1
f278f4874a7d85234351f48c49ce49a147d7d064
-
SHA256
5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
-
SHA512
3231777d1922a81e5c47f1db846ac8ceef3698bd4e61ca1d68aada3f97c82a0043dd9d51a95f7b68fbe303554ecefa5beb3314d44da0527807a9ccc12ffe6edd
Static task
static1
Behavioral task
behavioral1
Sample
5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
dllhost.exe
ki0t9ol5puytgrfe.ddns.net:3332
ki0t9ol5puytgrfe.ddns.net:15745
0.tcp.ngrok.io:3332
0.tcp.ngrok.io:15745
RV_MUTEX-lawrHJfWfhaRC
Targets
Target
5f59284e2744ad6c645ec3b837af0ad20b9577d6439c4edf32f0ab30ef0bceaf
Score
10/10
-
RevengeRat Executable
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-