General
Target: Client4PM..exe
Size: 110KB
Sample: 230201-1ewbesec9z
MD5: daff18d429d8e204c64744a3a88ba2ba
SHA1: 1114cad32e4cd92fde15074d9dc99d8566d79b6c
SHA256: 51fc1cf2dbaed0c5ff69592c4cd4a6f1d64aedebb981ead20713dfc940e86ce5
SHA512: 848f40484c50c2eaa7d02419aa0b7d10f8689724ad1053f72fccf1d30c2e574e6298e4c715091b5fdb4b5510461eb595acb1a6137edb641dbd2b7ef8a6a3c9e0
SSDEEP: 1536:BaSUrc/jYJ4c6hFJQn5pNS9jO8jc2jadmn+3iDBq+KD3tSYCz9+:gSUejMaFGn/ejO8jcqadKDG9SYy9+
Behavioral task
behavioral1
Sample: Client4PM..exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
revengerat
Guest
applications-tri.at.ply.gg:28896
Updater
Targets
Target: Client4PM..exe
Size: 110KB
Score: 10/10
- RevengeRat Executable
- Executes dropped EXE
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext