General
-
Target
2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
-
Size
546KB
-
Sample
230828-h3ygksag5s
-
MD5
3e500e0b4816fe81a0eb0e568536fe8a
-
SHA1
0a11673f4bce81bf839fa22ff825cc39b64849e1
-
SHA256
2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
-
SHA512
a3d1b8f60ba042ea97164aa198b256570fd2b20a5f1a7aae09271fcb213eb2650e3de1502d3aaf7204d6aeaf07e0519b5b62eb05decd8eba521576a10038fa79
-
SSDEEP
3072:C7Ms2moru6ObSfmUYzD0z00bvFu5isBzW1K1+tAc/opGsXs9SYQo9S8wwydT:9Yoa6O+fHqD70bNolIDoW7QoRO
Behavioral task
behavioral1
Sample
2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9.exe
Resource
win10v2004-20230824-en
Malware Config
Extracted
revengerat
Guest
127.0.0.1:333
killer2017.ddns.net:333
RV_MUTEX-cawrHJfWfhaRC
Targets
-
Target
2cab934053dd983b5588cbe0a6660663ffb52d36888180badc0ac36de7402ea9
-
Score
10/10
-
RevengeRat Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-