General
-
Target
c8fab2420e415b0fbf6150db06489423e2a1c2c157f5d358da778f9f8b40810b
-
Size
2.0MB
-
Sample
230914-n9ldgsbg9y
-
MD5
0941a4fa0970b79ef40ed40477f44d84
-
SHA1
21c98ed736dfb59d82d2282df064b2c5910c334a
-
SHA256
c8fab2420e415b0fbf6150db06489423e2a1c2c157f5d358da778f9f8b40810b
-
SHA512
9fa4c85ded7f4d4d27cda37ae673463d649d6249191762fba31121164ecebdd6055873f93b023fef1a7131e712c06526c4e9ec7c147d81f657e6395ef5bd6226
-
SSDEEP
24576:WgTx6i2SglpO5Y1uFfFPstldQ23X5IzekGE+5PKhGTelgkBV9bJPH3MolTJyQ3Oi:Lgi5Ht+CUpI7+N9o9fN
Static task
static1
Behavioral task
behavioral1
Sample
c8fab2420e415b0fbf6150db06489423e2a1c2c157f5d358da778f9f8b40810b.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c8fab2420e415b0fbf6150db06489423e2a1c2c157f5d358da778f9f8b40810b.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
revengerat
LimeBuilder
127.0.0.1:1337
RV_MUTEX-FZMONFueOciq
Targets
-
-
Target
c8fab2420e415b0fbf6150db06489423e2a1c2c157f5d358da778f9f8b40810b
-
Score
10/10
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-