General
Target: 2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader
Size: 350KB
Sample: 241030-qa8e3stflb
MD5: c9ad8f950e975cecfc2e85b79326b4f4
SHA1: aecc6400d68559ba92637292644ade24e02b9ddb
SHA256: c9997d5664a47fac12a286025f182ae425a9cf65795ec237b9649a45348273d3
SHA512: 0b8825ae1b9bfbf408768c50129c0274ff1b62a1dbe325a3bc8803715ea64059a4c5b898a35e2b32465930f426d713cbf28c4fc2e1f1c6a673163d9aa0d34418
SSDEEP: 3072:GUBA5vrL4pq/LABoKxhuKqoa4HLImWV2l+Rp954GvmoLA+rH8BJMM+lmsolAIrRL:05X4pyLAidskFRxrvq+lDAAs
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: revengerat
ID: SPAM
C2:
kilimanjaro.cloudns.nz:8809
kilimanjaro.run.place:8809
kilimanjaro.crabdance.com:8809
kilimanjaro.bigmoney.biz:8809
kilimanjaro.theworkpc.com:8809
burkinafaso.duckdns.org:8809
Mutex: RV_MUTEX-GYuaWVCGnhpCsG
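The extracted config above is the part of this report that turns directly into detection content: six C2 hostnames (five of them on dynamic-DNS providers, so the names matter more than any resolved IP), one C2 port, and a fixed mutex name. The script below is an added example for this page, not sandbox output or vendor tooling. It normalises the config into indicator sets and runs them over constructed log lines shaped like Zeek dns.log, Sysmon Event ID 3 (network connection) and an EDR-style mutex-creation record. The field layouts of those records, the image paths and the client addresses are assumptions made for the example; adapt the three small parsers to your own log sources.

```python
"""Turn the RevengeRAT config extracted by the sandbox into detection logic.

Added example for this report, not part of the sandbox output or any vendor
tooling.  The C2 list and mutex are copied from the report's 'Malware Config /
Extracted' section; all log lines below are constructed and their field
layouts are assumptions.
"""
from typing import Dict, Iterable, List, Tuple

# Copied from the report's 'Malware Config / Extracted' section.
EXTRACTED_CONFIG = {
    "family": "revengerat",
    "id": "SPAM",
    "c2": [
        "kilimanjaro.cloudns.nz:8809",
        "kilimanjaro.run.place:8809",
        "kilimanjaro.crabdance.com:8809",
        "kilimanjaro.bigmoney.biz:8809",
        "kilimanjaro.theworkpc.com:8809",
        "burkinafaso.duckdns.org:8809",
    ],
    "mutex": "RV_MUTEX-GYuaWVCGnhpCsG",
}


def parse_c2(entries: Iterable[str]) -> List[Tuple[str, int]]:
    """Split 'host:port' strings into lowercase (host, port) pairs.

    The config is attacker-controlled input, so a malformed entry raises
    instead of silently shrinking the indicator set.
    """
    pairs = []
    for entry in entries:
        host, sep, port = entry.strip().rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        pairs.append((host.lower().rstrip("."), int(port)))
    return pairs


C2_PAIRS = parse_c2(EXTRACTED_CONFIG["c2"])
C2_HOSTS = {host for host, _ in C2_PAIRS}
C2_PORTS = {port for _, port in C2_PAIRS}
MUTEX = EXTRACTED_CONFIG["mutex"]


def _kv(line: str) -> Dict[str, str]:
    """Parse 'Key=Value Key=Value' records (values assumed to contain no spaces)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_dns(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag dns.log-style rows whose query is an extracted C2 host.

    Assumed tab-separated columns: ts, uid, id.orig_h, id.orig_p, id.resp_h,
    id.resp_p, proto, trans_id, rtt, query.  Returns (client, query) per hit;
    queries are lowercased and a trailing dot is stripped before comparing.
    """
    hits = []
    for line in lines:
        cols = line.rstrip("\n").split("\t")
        if line.startswith("#") or len(cols) < 10:
            continue
        query = cols[9].lower().rstrip(".")
        if query in C2_HOSTS:
            hits.append((cols[2], query))
    return hits


def match_network(lines: Iterable[str]):
    """Flag Sysmon Event ID 3-style records.

    A destination hostname from the C2 list is a strong hit.  A connection to a
    C2 port (8809) without a C2 hostname is only a weak hit and is returned
    separately: DDNS names rotate, and the port alone is not unique to this RAT.
    """
    strong, weak = [], []
    for line in lines:
        f = _kv(line)
        if f.get("EventID") != "3":
            continue
        host = f.get("DestinationHostname", "").lower().rstrip(".")
        raw_port = f.get("DestinationPort", "")
        port = int(raw_port) if raw_port.isdigit() else None
        if host in C2_HOSTS:
            strong.append((f.get("Image", "?"), host, port))
        elif port in C2_PORTS:
            weak.append((f.get("Image", "?"), host, port))
    return strong, weak


def match_mutex(lines: Iterable[str]) -> List[str]:
    """Flag mutex-creation records naming the extracted RevengeRAT mutex.

    Only the last path component is compared, so a bare name and a full
    '\\Sessions\\1\\BaseNamedObjects\\...' object path both match.
    """
    return [
        _kv(line).get("Image", "?")
        for line in lines
        if _kv(line).get("MutexName", "").rsplit("\\", 1)[-1] == MUTEX
    ]


# Constructed sample logs (assumed layouts, not real telemetry).
SAMPLE_DNS = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\ttrans_id\trtt\tquery",
    "1730287200.123\tCqv1\t10.0.0.5\t51234\t10.0.0.1\t53\tudp\t1\t0.010\tupdates.example.org",
    "1730287201.456\tCqv2\t10.0.0.5\t51235\t10.0.0.1\t53\tudp\t2\t0.020\tkilimanjaro.cloudns.nz",
    "1730287202.789\tCqv3\t10.0.0.7\t51236\t10.0.0.1\t53\tudp\t3\t0.015\tBurkinafaso.DuckDNS.org.",
    "1730287203.000\tCqv4\t10.0.0.9\t51237\t10.0.0.1\t53\tudp\t4\t0.012\tkilimanjaro.example.net",
]
SAMPLE_NET = [
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationPort=80",
    r"EventID=3 Image=C:\Users\u\AppData\Roaming\update.exe DestinationHostname=kilimanjaro.crabdance.com DestinationPort=8809",
    r"EventID=3 Image=C:\Users\u\AppData\Roaming\update.exe DestinationIp=203.0.113.10 DestinationHostname= DestinationPort=8809",
    r"EventID=1 Image=C:\Users\u\AppData\Roaming\update.exe CommandLine=update.exe",
]
SAMPLE_MUTEX = [
    r"EventType=CreateMutant Image=C:\Windows\explorer.exe MutexName=\Sessions\1\BaseNamedObjects\DBWinMutex",
    r"EventType=CreateMutant Image=C:\Users\u\AppData\Roaming\update.exe MutexName=\Sessions\1\BaseNamedObjects\RV_MUTEX-GYuaWVCGnhpCsG",
]


def run_all() -> Dict[str, int]:
    """Hit counts per log source over the constructed samples."""
    strong, weak = match_network(SAMPLE_NET)
    return {
        "dns": len(match_dns(SAMPLE_DNS)),
        "net_strong": len(strong),
        "net_weak": len(weak),
        "mutex": len(match_mutex(SAMPLE_MUTEX)),
    }


if __name__ == "__main__":
    print(run_all())
```

The strong/weak split in match_network is deliberate: the port is the same across all six C2 entries, so port-only matches are worth collecting for triage, but blocking or alerting on 8809 alone will pick up unrelated traffic, while the hostnames and the mutex are specific to this configuration.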
Targets
Target: 2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader
Size: 350KB
Score: 10/10
RevengeRAT family
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Suspicious use of SetThreadContext
Rewriting another thread's context is the call pattern used by process hollowing and thread-hijacking injection to redirect execution into an injected payload.