Overview

overview

3

Static

static

1

URLScan

urlscan

https://github.com/D...

windows7-x64

3

Resubmissions

08-12-2024 17:12

241208-vqsrsavler 10

08-12-2024 17:10

241208-vp68savldj 3

Analysis

  • max time kernel
    33s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/RevengeRAT.exe

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/RevengeRAT.exe
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2148
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:948
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2168

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
        Filesize

        2KB

        MD5

        3abff11d79846fb6d9e6a3df99b730c5

        SHA1

        ed488805b19c03755156f3b4a50d050b851edccc

        SHA256

        aab9feb711da96b634138345c11ea9323039df4193f87624bf9a4202d07e0c02

        SHA512

        7590186f7184126804537481d25c8af82f5c1c7bdac5621f57ad11957e2bf093c8e95abd9e82caeeab94d5261b1aa9e79799a1bd907a5aa3685aa76b74fd394f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
        Filesize

        1KB

        MD5

        9bd77d27f83e3605d6e84113abed7671

        SHA1

        779e99f2ceb6f2fec66e6e278ed194b0307912a1

        SHA256

        75fa5e045110700fc13c9084b4cb19c92fe36676ad5cad853690499a93fe3107

        SHA512

        3467f48a0aa77551f88bac2c31ee4475e32e6e6606e6cbee4f8779c11083eec2e499c10210986b86882db7c9da4a0bcecf0aae1a6a988fb88329476e1b55153d

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f49ca5a0162f635113eb2056085e1354

        SHA1

        198428b94354793406c93b2891169e76da5f5757

        SHA256

        963ab6dfc86abca24fe004e6f0769ab3b8f5c95ae70d54db394a8e2805e6164e

        SHA512

        30785c26ad7b754f4be8d4fd59dc50ee1053c53f1d0c584f8d55f486ea3154f7c0766a4a9d614cebb2c3b60488347d89d5d85d1b73ee14431a9b7d354cd3681b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9f2653653d93433b7a90da235dfaa93d

        SHA1

        cce691ff02aaf6523270453aef5524c7beaa2bfd

        SHA256

        aaae895f308919ccd5a031c2a9148a841e58b3dc871648c8ae7bf2bb361aec3d

        SHA512

        cb0da12ed817a2d651479a07b159ce54006c8538f558f786cdac019a11c5360be523ec0eedc0116bd4d983f6a154c535baf6accd8d5bf06a3cd95cef6e3f2a19

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        dfe2df3ff1551133d3274e714c1ebc6f

        SHA1

        41d61d82a3c01ebfb96e16f2fc707589f3171fc4

        SHA256

        aed911962ac007991b079e770ede8db2761e9d81be6ff8f2f8e7dca4907a5c27

        SHA512

        a38bb8dc350bb835570b8dee83f6e4ca7e8fb98664ec38d7379a22fd6095b5cb01161323ed5fc5ce89749af0085d372763c6480162074cdb0eeddb6c2d880b1f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7e5b140100f796a65725d4bbb13f8ffa

        SHA1

        01931fd199869fb135e2337876dab86722fcc4ea

        SHA256

        9335ea9a70a91d917c2717149c0c111ac7ef94ca11d4e408d79037de2ae6bded

        SHA512

        5b1bb38ffb61aefd92a7c184d20c93de527dc152f63e5d4ff6b769de01ce84d3590d12415cbff954e527be496402d2cd2669761f5fee900798a3023e6156c25d

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7be3e269e4cc4883056fd42a1795fefe

        SHA1

        5bae3c51e170a66d2425c10a5fe9daec5f45cd7c

        SHA256

        9b924b4b0d2e35d4df6cc37f3b7b4a674e83ace740c948b6bdf9bfb7c6563d65

        SHA512

        262f32d39a60070facb19d5f35c5781fc900c157f6fe96b43ae4ff3fc6af5003e3f12c9e206d47dfafe118333acdacf054f1ec6ceac061fe8005d155667a0bbb

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        31c0991f067f022292bc3d5bbaa19e8f

        SHA1

        98971241283f861f4e310fb118ca6f3686d8b9ea

        SHA256

        7fbf7d019cf26f45dcb71400aa898f2c5b1d7575f5e5e2a752e10c3a9f3fe7a9

        SHA512

        ebb370107380041a186429f2d6c923e66a3463bf5fd625bd6c4f4fb8525f537dcd65bd0d7102bf3db1c073713393b6088ee1b695065f43629bc61643d8f032f5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        70302781e587655d0dc1a3596dedd89a

        SHA1

        0c9f6f900803bdf0ca784215e2ce2dbcb4e9fa72

        SHA256

        17aa0adebb41acf8d022a49fd269be878033e0c57c2edc268af07274f0118832

        SHA512

        896dd3f60e420e741696ccedd8bcaf38cf6485be3b5f87154ae36fccdab391f870aa3890013ee4a6b01fcd868c7b180752041bfc6532e4f87e1dfebbb0cfc4c2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        bd7c446223ec3c2271bc4367e3b29c3a

        SHA1

        c2c0c19de1e478034459afd05802588868607231

        SHA256

        6e5fab2d82cd3ee98d6fe5535f025a0be4359fc2b3822e6cde964e9e00438947

        SHA512

        f7fe004f636374f01a8348c8fc1246638caeea559ee072125fa45473921e6dc1e5f9bcdcd460c5d1ea4e5b09fe0abe42390cf4b0a68e843d518d25a447c50b4e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9489b443a832fb8bf1aad1bfaffa2a02

        SHA1

        7278c504623ba5fc8e4f75df9b19ef0f3114267c

        SHA256

        6e14e48c45698bd12f79b8b4c778182fc6b25935111e91ee54c96e36b0071bc4

        SHA512

        13da2c4775b920275200770671ee9f2ca481ff0f8c62fddefdddb71ef502e35f5fc52e19657be6b3ce42c2e6d3ab374977b87b399dd3b1bde00e6fefe2cdcd6c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        437f91992f55f95fb09dbf6055de8c31

        SHA1

        b58f6400b4dfb0dbd0e2ac05303e77e847a28984

        SHA256

        e26b5bfd0bc0e27c5bd61517ae1fc569daf967cbf930269b44f951b5d9842c82

        SHA512

        130cb0ad8df13a75da52c9f77e7a2123dabce06285a39f0fc2b99f74d5d4b93ce17c6e283b7a6ceb7b23110d79386b89d654037f8843c5c97ca3b8071533f94c

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat
        Filesize

        1KB

        MD5

        45277440e3911e9cf3d055c004740b63

        SHA1

        60b6251a4de9ddf1f199dd6a01bc10f486c02041

        SHA256

        a5b780b97b2f154bf0a38a0e5bd93e1d0b84cacdaef3f804864b337cc88cc37e

        SHA512

        0bac98fbe3411296de945e4945d1b2e93f7feaf5b778cba8dff071c3955a37de502d7148fe3bd1ec8b8d5142ee534aff785322df6880be28ff8ba1f21d2076c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\favicon[1].png
        Filesize

        958B

        MD5

        346e09471362f2907510a31812129cd2

        SHA1

        323b99430dd424604ae57a19a91f25376e209759

        SHA256

        74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

        SHA512

        a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabD71F.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarD751.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • memory/948-767-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2168-768-0x0000000002B30000-0x0000000002B31000-memory.dmp

        Filesize

        4KB

        Download