General
-
Target
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
-
Size
17KB
-
Sample
220523-3z7ajadegm
-
MD5
759e1216fa75f7fca3bc7c84094ca531
-
SHA1
399e938b13613873c3f50759ce9386a38968ca3f
-
SHA256
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
-
SHA512
7bb0bbe4033b966978c4a621822b40184e0a63748151cdfe50fb7d659c74dedae8c9e8fd142e1aaf495c23556683173b70ba65e4af14ebac44c6fa787fa66917
Static task
static1
Behavioral task
behavioral1
Sample
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
2SP Force DZ
imaneblueyesvpn.ddns.net:333
RV_MUTEX-jpnFwUnoWrUUg
Targets
-
-
Target
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
-
Size
17KB
-
MD5
759e1216fa75f7fca3bc7c84094ca531
-
SHA1
399e938b13613873c3f50759ce9386a38968ca3f
-
SHA256
d94c2a5ea62d3c59414860b031c2926c30603f6276030f5ab5d6796d59b918ea
-
SHA512
7bb0bbe4033b966978c4a621822b40184e0a63748151cdfe50fb7d659c74dedae8c9e8fd142e1aaf495c23556683173b70ba65e4af14ebac44c6fa787fa66917
Score10/10-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-