General
-
Target
1b4a335db0e6efd5b56004bba323afd71d8db9fa43b4f6650a0bc791d87e1dbe
-
Size
3.4MB
-
Sample
220708-thbb4abeb4
-
MD5
7ddaf6c0ccdf99faced8f866a3670206
-
SHA1
08f5844c6413dbcc5d1b765247c93d4c13c97914
-
SHA256
1b4a335db0e6efd5b56004bba323afd71d8db9fa43b4f6650a0bc791d87e1dbe
-
SHA512
3321c6c6f9982cd179597dfa7b0612b81358b594a7e216a1bfde0dd638d4324a90b9f373f5be9681de9324c363193dd7c5fd565cc57e7766ffe1fb077b4bdf02
Static task
static1
Behavioral task
behavioral1
Sample
1b4a335db0e6efd5b56004bba323afd71d8db9fa43b4f6650a0bc791d87e1dbe.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1b4a335db0e6efd5b56004bba323afd71d8db9fa43b4f6650a0bc791d87e1dbe.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
1b4a335db0e6efd5b56004bba323afd71d8db9fa43b4f6650a0bc791d87e1dbe
-
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-