General
-
Target
d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3eN
-
Size
948KB
-
Sample
241020-qc53qs1gqn
-
MD5
c83e83d7f6694f711b5a0978b65d8e60
-
SHA1
fd1d8ffef30043088d78341c83f132b0df627bb7
-
SHA256
d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3e
-
SHA512
7b2cb73dba159130378d87d45ea4a2c0afe34d1ccdbe3068e63626ef8ea351cf4183a6ce33aacb65d2ebbc7722c2d7189e5615977f91c98418780d0c42cab8ce
-
SSDEEP
24576:8AHnh+eWsN3skA4RV1Hom2KXMmHalSLUf5U:bh+ZkldoPK8YalvU
Static task
static1
Behavioral task
behavioral1
Sample
d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3eN.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3eN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
revengerat
Guest
flames.hernetek.com:2522
RV_MUTEX-LuSAtYBxGgZH
Targets
Target
d501d27e1fbaeb2616d25c7c62d532a8a0d0f6f9aa8cbaa1b5d643c3a4936f3eN
-
Score
10/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Drops startup file
-
Suspicious use of SetThreadContext
-