General
-
Target
Client.exe
-
Size
146KB
-
Sample
230728-maq91sch84
-
MD5
7c6887a5440dbd2f3e1e63a478e73439
-
SHA1
187934cc4e55830fecb6a906fa389f6146f8a075
-
SHA256
8575bbd6c6d677491401cf901173f5518c3169f7481dc426c283fba9d5056509
-
SHA512
94df707f52c448a59d34943f2eeea35a5c777378b6547fab0b2ce09182615756ad4bc6c12b1ac229073fd2101345c1ed3790d44c8f20a4e009e7448226130ab6
-
SSDEEP
3072:sr85CwjF9+lcUIMSDD9SYEVBCf3p9ezOV:k9m9+lcTnDR7EVBO3pT
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20230712-en
Malware Config
Extracted
revengerat
MyBot
209.25.141.181:54077
RV_MUTEX-NnFwUnoWrUUg
Targets
-
-
Target
Client.exe
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
RevengeRat Executable
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-