General
Target
ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
Size
474KB
Sample
220615-q8mk9shfem
MD5
29949b137d1cedcce284cd603b3c9a21
SHA1
004bd05389be80be22120457351a02212d93e69c
SHA256
ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914
SHA512
93f24a3d3b2cedbcb7dd492d1eaf2b22cd4ad3fabcab6ebcf2e82f5e0318f376d61a0b9578aa3a6bfa0d428e691d7b2f34e72a78964061c3f5b4ceb420143936
Static task
static1
Behavioral task
behavioral1
Sample
ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ed50a7dd6b0cb92ea190a8a08511c540a63da514747d0169be3b49ebb6d97914.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
Guest
MTg1LjE2MS4yMDkuNDg=:Njc2Nw==
Random
Targets
Score
10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext