General
Target: 3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
Size: 193KB
Sample: 220701-e5dneacbcm
MD5: b6c3692bfbd98dcc39a6347fa9f4fb69
SHA1: 23c2cf93874bb36b5daa25f3bef46b8d93bfa046
SHA256: 3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
SHA512: 0c2ca210ad2b90219227629b6e0009c920b96124cc9d5c00379dd97dadca24abccd45503c177cc5a400ca7f27ce255943cf72f01810576e862d02881cc8b33a7
Static task: static1
Behavioral task: behavioral1
Sample: 3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
revengerat
bobo2019
hushbob123.hopto.org:4951
hushbob12301.hopto.org:4951
hushbob12302.hopto.org:4951
hushbob12303.hopto.org:4951
RV_MUTEX-XyMpzZJHOwDt
Targets
Target
3ee2a25d9a6d78d9c9484bd95373bb5a0eb98f5f14d4981e9c572acf7f2ff769
Score: 10/10
RevengeRat Executable
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Suspicious use of SetThreadContext