General
-
Target
bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de
-
Size
338KB
-
Sample
221130-qke7aadc83
-
MD5
0773929cc7c87c2ca9cb5656e58393c9
-
SHA1
0ac39fb18f79be244c290878ea7667fa0d259bd8
-
SHA256
bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de
-
SHA512
ff8fceab4e0c6316abcf45b943de75e78456278f9c4bb4619e218c90de8313d0bec5c4b569e008e76940bd7d87ee4d9c4b0f0d630e7f2a4bf829fa5f960726f3
-
SSDEEP
6144:uNMT2GhNravgaCHQiRgkktkAvgyFvatu6REs9TBaM5O5vWNZqK:u42iNUCwkgkktkAI8yY6Rpw5yZqK
Static task
static1
Behavioral task
behavioral1
Sample
bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
revengerat
Targets
-
-
Target
bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de
-
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-