General
Target: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6
Size: 136KB
Sample: 220724-2m13babedn
MD5: e518aaf5bd01393f6ebd19d18544a2df
SHA1: 8e5fe78c881d1251f7257a7cb6f9f82fb9a1a9e4
SHA256: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6
SHA512: 90a3313c8531da012972e9418d5ea64bb98b9df0d35b947b025664a47a4b928291f8b654f8f18b7a0a2b3bec7f50598ed2f223448e800b10ee5bad84402991b9
Static task: static1
Behavioral task: behavioral1
Sample: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6.exe
Resource: win10v2004-20220722-en
Malware Config
Extracted: revengerat
Guest
- 193.70.71.227:9622
- 193.70.71.227:8845
- obimu2275.duck.dns:9622
- obimu2275.duck.dns:8845
RV_MUTEX-ZlgZblRvZwfRtNH
Targets
Target: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6
Size: 136KB
MD5: e518aaf5bd01393f6ebd19d18544a2df
SHA1: 8e5fe78c881d1251f7257a7cb6f9f82fb9a1a9e4
SHA256: 94245f5f535d986ad764c670db35ecf2ca10aedb7770e0959ca23a2a30ef7dc6
SHA512: 90a3313c8531da012972e9418d5ea64bb98b9df0d35b947b025664a47a4b928291f8b654f8f18b7a0a2b3bec7f50598ed2f223448e800b10ee5bad84402991b9
Score: 10/10
- RevengeRat Executable
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext