General
-
Target
0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
-
Size
6.6MB
-
Sample
230129-x7qd4aah74
-
MD5
4fa298a31dcb76657128b92350a0234e
-
SHA1
29ad9d23a2fd10a697cd0128edec56803f29a1bb
-
SHA256
0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
-
SHA512
7095b26dccf45ac0eea02a4b6ac3ce0812cc74818338cb171656d73886c3c0e38a8066e19390dd507df3b10dc14a72f18f655f300d959515fb92c406de798cec
-
SSDEEP
196608:gb01x9LY/k8a+Le9jrv4b9YR4zLD+sfFxBgYirXGVafo:gb0f902BqiR4Dd7iYag
Static task
static1
Behavioral task
behavioral1
Sample
0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
loveuo11222.ddns.net:5552
edf49507d18aa53c7edda61c9c878fa0
-
reg_key
edf49507d18aa53c7edda61c9c878fa0
-
splitter
|'|'|
Extracted
revengerat
Targets
-
-
Target
0552f81dac0204225b13c3b096b8f29bc89e221b9245cb893e7af31869314939
-
RevengeRat Executable
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-