General
-
Target
d7520f1f5438e4e82c1234fbcb10c6dc
-
Size
32KB
-
Sample
240319-28sytsah3t
-
MD5
d7520f1f5438e4e82c1234fbcb10c6dc
-
SHA1
3519cb4f9c82611a9a40e3d15b3fb5432bad023e
-
SHA256
1572fa79a4de01323cc1f469d514d9711b3f88f47eedf6af7041f595d23f0c6a
-
SHA512
2f7069d30f6d6e078510f7052370eeb0b13a13bc46c1482a213dcb224d1996ea2243b8a52962b4d1617f7359ebfd9e832d33762f61cfab92476ea82120bacfa3
-
SSDEEP
768:PhbHMfBd7PENmw5hWh70OyDbod+wvlJKAiv6AGi0/ZWThQ:5HMfzemquy3od+wvlJKAi9Gi0B2Q
Malware Config
Extracted
revengerat
Office
workwinrarhost.ddns.com.br:333
office.minhaempresa.tv:333
RV_MUTEX-ViGGjjtnxDpnFw
Targets
-
-
Target
d7520f1f5438e4e82c1234fbcb10c6dc
-
Size
32KB
-
MD5
d7520f1f5438e4e82c1234fbcb10c6dc
-
SHA1
3519cb4f9c82611a9a40e3d15b3fb5432bad023e
-
SHA256
1572fa79a4de01323cc1f469d514d9711b3f88f47eedf6af7041f595d23f0c6a
-
SHA512
2f7069d30f6d6e078510f7052370eeb0b13a13bc46c1482a213dcb224d1996ea2243b8a52962b4d1617f7359ebfd9e832d33762f61cfab92476ea82120bacfa3
-
SSDEEP
768:PhbHMfBd7PENmw5hWh70OyDbod+wvlJKAiv6AGi0/ZWThQ:5HMfzemquy3od+wvlJKAi9Gi0B2Q
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-