General
Target: 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
Size: 18KB
Sample: 220625-ka6zcsfbg7
MD5: 1a506f45ee5eb2764fdf980f0fbaf7ca
SHA1: 6dd081bb7b55540bcf9896c6cfbf037d73f03f4a
SHA256: 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
SHA512: ed99e3c1c64942af342da0e400463fae33c17496c4fe8ce9d33d26546eb221066b556df24b38d6659d49910d2c28fcde1fc67f7cd8c38266ab00148c85eeda7c
Static task: static1
Behavioral task: behavioral1
Sample: 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
revengerat
Anoy
anoy.zapto.org:1155
RV_MUTEX-rClgZblRvZwfR
Targets
Target: 39ca0763bd03a8d005101682a0cc6fec9bbef0549effe79a1405eab59635ef08
Score: 10/10
RevengeRat Executable
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Uses the VBS compiler for execution
Adds Run key to start application