General
-
Target
3b85020323e7b11ba66d785eaf5fa7e3cf3e21791f6b97e6abef4f579266fa3d
-
Size
943KB
-
Sample
220724-sweq1ahagr
-
MD5
c3d7fac817472717e5ea1f86ac1ff617
-
SHA1
5a79365fdae5a436e6aea22ff1155734a8ae92f7
-
SHA256
3b85020323e7b11ba66d785eaf5fa7e3cf3e21791f6b97e6abef4f579266fa3d
-
SHA512
8d0a0a393b5916c21fcaf84b3751d459682877c3150034a732e91583a327f6039b2dd121e38672016a3dff99629976bc70ea7b2d3f5ecbf566e6e9901a97e656
Static task
static1
Behavioral task
behavioral1
Sample
3b85020323e7b11ba66d785eaf5fa7e3cf3e21791f6b97e6abef4f579266fa3d.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
3b85020323e7b11ba66d785eaf5fa7e3cf3e21791f6b97e6abef4f579266fa3d.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
revengerat
Guest
ournewcompany2.hopto.org:333
RV_MUTEX
Targets
Target
3b85020323e7b11ba66d785eaf5fa7e3cf3e21791f6b97e6abef4f579266fa3d
Score
10/10
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-