General
-
Target
d6d0a2663b63dd57235c5dd45ce4465f353c75ac9df8f9f2460be6ae7ef1f739N.exe
-
Size
1.7MB
-
Sample
241211-n27xhs1pbz
-
MD5
9d1b6d3c4c06b74ab02471fa26024a20
-
SHA1
e5c739a9ae3e1f25c69d9c8e2eec71222e5a0d5f
-
SHA256
d6d0a2663b63dd57235c5dd45ce4465f353c75ac9df8f9f2460be6ae7ef1f739
-
SHA512
3aac2eb448be3c27475a9b7f50a2639f17171cf6ddd145cc71a5a15989431cafe7360c3b01a9da050c1c1e5149dc9f5ecb96876585c7f2c2bce4456e089c5a8f
-
SSDEEP
49152:vcGL0yvl07QwY4AYgH1DsAyhYtzo/V/8I56KHygdmQPgQvz2:vcGTvDwYvHOdozm8I5nygdnJb2
Static task
static1
Behavioral task
behavioral1
Sample
d6d0a2663b63dd57235c5dd45ce4465f353c75ac9df8f9f2460be6ae7ef1f739N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d6d0a2663b63dd57235c5dd45ce4465f353c75ac9df8f9f2460be6ae7ef1f739N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
revengerat
Guest
127.0.0.1:333
RV_MUTEX-vZblRvZwfRtNH
Targets
Target
d6d0a2663b63dd57235c5dd45ce4465f353c75ac9df8f9f2460be6ae7ef1f739N.exe
-
Score
10/10
-
Revengerat family
-
RevengeRat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-