General
-
Target
2bbaca2a87764bc28c643709da48f8460c2144b22faf750fefcaa9d7307f26b4
-
Size
69KB
-
Sample
220524-3t56aacba3
-
MD5
7a8741e0e7279c649172efbfeae3735b
-
SHA1
7087c77fc72af28a5a72afcc1a16f7b56c84cb27
-
SHA256
2bbaca2a87764bc28c643709da48f8460c2144b22faf750fefcaa9d7307f26b4
-
SHA512
1b9359cc3638412919b3bb5d6dabe7c5b5014eeb36bea5bf94cbd8cbf25d1a20804f4c0ee9ec46d0480549955d24aebdd93e0839b46a9eb51a93d6aea2e86488
Malware Config
Targets
-
-
Target
2bbaca2a87764bc28c643709da48f8460c2144b22faf750fefcaa9d7307f26b4
-
Size
69KB
-
MD5
7a8741e0e7279c649172efbfeae3735b
-
SHA1
7087c77fc72af28a5a72afcc1a16f7b56c84cb27
-
SHA256
2bbaca2a87764bc28c643709da48f8460c2144b22faf750fefcaa9d7307f26b4
-
SHA512
1b9359cc3638412919b3bb5d6dabe7c5b5014eeb36bea5bf94cbd8cbf25d1a20804f4c0ee9ec46d0480549955d24aebdd93e0839b46a9eb51a93d6aea2e86488
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-