General
-
Target
0x0009000000012733-58.dat
-
Size
92KB
-
Sample
220612-3qv6xagba8
-
MD5
2b6dc42dc5c0b40bf131dc3eb4f7b4ba
-
SHA1
277a44b6fc468199180efdab5c4151e5b772e2b9
-
SHA256
a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0
-
SHA512
98f993806bafe8924fe58e92d4441376350117eeb3b17f9e74221cbe4410376592050a7d05e3b914ca39eef63583356df0213def1510d6bb233f77ee45c6a11d
Static task
static1
Behavioral task
behavioral1
Sample
0x0009000000012733-58.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0x0009000000012733-58.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
Guest
blessed147.ddns.net:8089
RV_MUTEX
Targets
-
-
Target
0x0009000000012733-58.dat
-
Size
92KB
-
MD5
2b6dc42dc5c0b40bf131dc3eb4f7b4ba
-
SHA1
277a44b6fc468199180efdab5c4151e5b772e2b9
-
SHA256
a2639ef31af5e1015463f0663982ae4bd10271f1660cdec494cfb8848b2c87a0
-
SHA512
98f993806bafe8924fe58e92d4441376350117eeb3b17f9e74221cbe4410376592050a7d05e3b914ca39eef63583356df0213def1510d6bb233f77ee45c6a11d
Score10/10-
RevengeRat Executable
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-