General
-
Target
f0145c6b2a9193d8acf4d7824e97c273f20eab640a50e7e96a90cb1dc4cb27ac
-
Size
23KB
-
Sample
220731-hc3cvachd5
-
MD5
83646fd58f4e3294c3acd012e9bc2da2
-
SHA1
c89035b624f353832a633be6e040b801c5fa1ae0
-
SHA256
f0145c6b2a9193d8acf4d7824e97c273f20eab640a50e7e96a90cb1dc4cb27ac
-
SHA512
a16d6e4f0b0404b4bbc734fd92fb267c3d47bdb070ef4316779104ab60ce4c6e3df4c938952003e3184cade94d5a8fd9f9be910ba7b07562c8e94fc970c2d6b1
Behavioral task
behavioral1
Sample
f0145c6b2a9193d8acf4d7824e97c273f20eab640a50e7e96a90cb1dc4cb27ac.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
f0145c6b2a9193d8acf4d7824e97c273f20eab640a50e7e96a90cb1dc4cb27ac.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
revengerat
admin
34.95.176.194:5000
RV_MUTEX-DYBGldGoFYEKgHD
Targets
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-