General
-
Target
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
Size
17KB
-
Sample
220701-b9dbnaggc7
-
MD5
1098d8e6429779b56a6b6a542cd3bc11
-
SHA1
73f6b9c7b6cf16d2abdf3a6ec06b0ac2aeb62af5
-
SHA256
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
SHA512
825a655df4440f3f4a072fe0ff4ab5d237cae5f3485d3bd51ce8053bf336aa4286f0e16d796e83c40c99d236cbe08c54b6914e34a5b307968d3d3fb88aa977a0
Malware Config
Extracted
revengerat
The New
wowhu.zapto.org:5550
wowhu.zapto.org:5551
wowhu.zapto.org:5552
wowhu.zapto.org:5553
wowhu.zapto.org:5554
wowhu.zapto.org:5555
haxballfc.ddns.net:5550
haxballfc.ddns.net:5551
haxballfc.ddns.net:5552
haxballfc.ddns.net:5553
haxballfc.ddns.net:5554
haxballfc.ddns.net:5555
linkshosts.ddns.net:5550
linkshosts.ddns.net:5551
linkshosts.ddns.net:5552
linkshosts.ddns.net:5553
linkshosts.ddns.net:5554
linkshosts.ddns.net:5555
gaminghost.ddns.net:5550
gaminghost.ddns.net:5551
RV_MUTEX-IPcYBGldGoFYE
Targets
-
-
Target
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
Size
17KB
-
MD5
1098d8e6429779b56a6b6a542cd3bc11
-
SHA1
73f6b9c7b6cf16d2abdf3a6ec06b0ac2aeb62af5
-
SHA256
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
SHA512
825a655df4440f3f4a072fe0ff4ab5d237cae5f3485d3bd51ce8053bf336aa4286f0e16d796e83c40c99d236cbe08c54b6914e34a5b307968d3d3fb88aa977a0
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-