General
Target
00INVN0987.js
Size
204KB
Sample
220612-rg9gdseehj
MD5
3a2a1650aa3f0bdf262b244f636c01c5
SHA1
a7d61b35c91326e983c7d725b1ed8f49162f4758
SHA256
06672589c9c70009f9342ba946bcf8f671b7fc3a1f1031b02442f3d85e0afe94
SHA512
d05201160c7e3331db834a5d986e93c13506e2f28b431ffc452f4aef47266d0a7b0541dc9178cb974f73c18064d964bda5d6d43ce0f3519e5cc1275c7b03fb3f
Static task
static1
Behavioral task
behavioral1
Sample
00INVN0987.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
00INVN0987.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
Guest
blessed147.ddns.net:8089
RV_MUTEX
Targets
Target
00INVN0987.js
Score
10/10
RevengeRat Executable
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Uses the VBS compiler for execution