General
-
Target
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
Size
17KB
-
Sample
220701-b9dbnaggc7
-
MD5
1098d8e6429779b56a6b6a542cd3bc11
-
SHA1
73f6b9c7b6cf16d2abdf3a6ec06b0ac2aeb62af5
-
SHA256
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
-
SHA512
825a655df4440f3f4a072fe0ff4ab5d237cae5f3485d3bd51ce8053bf336aa4286f0e16d796e83c40c99d236cbe08c54b6914e34a5b307968d3d3fb88aa977a0
Static task
static1
Behavioral task
behavioral1
Sample
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
revengerat
The New
RV_MUTEX-IPcYBGldGoFYE
Targets
Target
3f5d94ceb5367b224386438511aa78c245d977846a71fcd8ffa6c6470d1b3fe7
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-