General
Target: Client.exe
Size: 106KB
Sample: 230731-rwqb3ahf4s
MD5: 7b5b2a9dcb13d67e75aa734192b4aedb
SHA1: 0f17e3af368066c2fcc439b6b9a9a5196acd5773
SHA256: 78581129ce6d8cd874b44cf3410606e34dd046f58c8cd27adb76d320ac41b048
SHA512: c02d46465cc63f4573c5f76737e93ece6b1971d3825492711457f9e82bbf4bd2549dba55472095b24f153ed461993942340a6b1cc23889f16b79d3a35ea8256d
SSDEEP: 1536:+GarZJv6qFp9LrurRt/TJz8uPU/4nh3hDBq+vD3tSY6BA:DaFhp9Lat9TrU/GDb9SYYA
Behavioral task: behavioral1
Sample: Client.exe
Resource: win7-20230712-en
Malware Config
Extracted
revengerat
MyBot
209.25.141.181:54077
RV_MUTEX-SawrHJfWfhaRClg
Targets
Target: Client.exe
Score: 10/10
RevengeRat Executable
Drops startup file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext