General
-
Target
Client.bat
-
Size
265KB
-
Sample
240611-f1c2rawblg
-
MD5
01e96014af705a61d5ca83d367517549
-
SHA1
403b1418e8ff1b7bb218cf87bfb7cc45905ea3e1
-
SHA256
0259988df01a82ad5936bc17d01a96b07b8bd530790bf47277535edef3100ffc
-
SHA512
af19bf403f1204bef43d12b9c6872a0e67da2f8a6d168dd14481968c5d418fa982a3aa8677f7b011f39314ef6a351e785af3d46e692443cc23ea1fa3b2cbb7d2
-
SSDEEP
6144:c5G5RlzeUqntbabTty2g13glFyDZdCq0PfxGY:c5G5RUUguTE31QqddT0PZGY
Malware Config
Extracted
revengerat
Targets
-
-
Target
Client.bat
-
Size
265KB
-
MD5
01e96014af705a61d5ca83d367517549
-
SHA1
403b1418e8ff1b7bb218cf87bfb7cc45905ea3e1
-
SHA256
0259988df01a82ad5936bc17d01a96b07b8bd530790bf47277535edef3100ffc
-
SHA512
af19bf403f1204bef43d12b9c6872a0e67da2f8a6d168dd14481968c5d418fa982a3aa8677f7b011f39314ef6a351e785af3d46e692443cc23ea1fa3b2cbb7d2
-
SSDEEP
6144:c5G5RlzeUqntbabTty2g13glFyDZdCq0PfxGY:c5G5RUUguTE31QqddT0PZGY
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-