General
-
Target
68ce3565bb806ee7bbda7256c0270333f069f6677850c9ec2511404602643f1c.exe
-
Size
3.6MB
-
Sample
241124-hyd75syrax
-
MD5
559a0f99f9f896e2c54a8e565592966b
-
SHA1
0cd2f8dcfe72649b04c1508aa900cfd4f8f13460
-
SHA256
68ce3565bb806ee7bbda7256c0270333f069f6677850c9ec2511404602643f1c
-
SHA512
6349d566f1df3eace2975b193cab125e54480a0e145e456e8972c25de412458d0380d6d79630d7fffb9d6112dfa1d6669550d26dae61884b08da1e283248d7cb
-
SSDEEP
98304:7Y323PnLFoz1zTLE/J8WySsKBmeEMLM2yTP+OXwacX:2QPLS2yjKMCMxb7ghX
Malware Config
Targets
-
-
Target
68ce3565bb806ee7bbda7256c0270333f069f6677850c9ec2511404602643f1c.exe
-
Size
3.6MB
-
MD5
559a0f99f9f896e2c54a8e565592966b
-
SHA1
0cd2f8dcfe72649b04c1508aa900cfd4f8f13460
-
SHA256
68ce3565bb806ee7bbda7256c0270333f069f6677850c9ec2511404602643f1c
-
SHA512
6349d566f1df3eace2975b193cab125e54480a0e145e456e8972c25de412458d0380d6d79630d7fffb9d6112dfa1d6669550d26dae61884b08da1e283248d7cb
-
SSDEEP
98304:7Y323PnLFoz1zTLE/J8WySsKBmeEMLM2yTP+OXwacX:2QPLS2yjKMCMxb7ghX
Score10/10-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1