General
  Target: a050521e44bf504fe73e220798b66ce91259238fbcb1b04e206f5a78959e5aeb
  Size: 600KB
  Sample: 230310-leddaace69
  MD5: 628e9b3aa525960223fd93bae86b5e7d
  SHA1: 906713e97ce6618590ea72f5633416730a0a7317
  SHA256: a050521e44bf504fe73e220798b66ce91259238fbcb1b04e206f5a78959e5aeb
  SHA512: 31b2bcbea386c883331057db445cf68dc7eebb065deced483f149408528aadfa3b405f4efd06b8ac73cf237592f7142cc35ad88e149d532e4c9bc86c038f7550
  SSDEEP: 12288:nUG2pBoy4QQbDRfEk9Iz/rduerdgpjtDNzNpEsRkP7mHqx9bsejWgsWsHQb0Awwc:VuBoyw

Static task: static1

Behavioral task: behavioral1
  Sample: a050521e44bf504fe73e220798b66ce91259238fbcb1b04e206f5a78959e5aeb.exe
  Resource: win10v2004-20230220-en

Malware Config
  Extracted family: revengerat
  ID: Guest
  C2:
    127.0.0.1:333
    127.0.0.1:37734
    127.0.0.1:12792
    songs-travel.at.ply.gg:333
    songs-travel.at.ply.gg:37734
    songs-travel.at.ply.gg:12792
    tcp://5.tcp.eu.ngrok.io:333
    tcp://5.tcp.eu.ngrok.io:37734
    tcp://5.tcp.eu.ngrok.io:12792
  Mutex: RV_MUTEX

Targets
  Target: a050521e44bf504fe73e220798b66ce91259238fbcb1b04e206f5a78959e5aeb
  Score: 10/10
  Signatures:
    RevengeRat Executable
    Downloads MZ/PE file
    Checks computer location settings (looks up the country code configured in the registry, likely geofencing)
    Drops startup file
    Executes dropped EXE
    Loads dropped DLL
    Legitimate hosting services abused for malware hosting/C2