b0ccc2d765e0be5f10788374290b4e7e0bf65fa6c70f1e210933ebfa14b308e1 | Triage

Sharing

General

Target

RevoltG.Installer.exe
Size

565KB
Sample

250111-hhqagasjgl
MD5

bfb3135262e74dd36ff9202a1e5c283e
SHA1

5c5235392f8e6386c0789f310088b1f9850c9073
SHA256

b0ccc2d765e0be5f10788374290b4e7e0bf65fa6c70f1e210933ebfa14b308e1
SHA512

a53a02f98718dfec785f1161e1a49e5c80afb01a3a34945ac1af5f2cd7ee76fd4bc390fa50295851ac78ed460923cf9e90dae96646cb372a7ae5681e30d93860
SSDEEP

6144:r6bnkKO2bo92MrACNftaE30yUcRXCkys/BLbMemV7bTb89PMtB8BPqZ6Kuh:rHtEMJN/EyUIX54dT7t+Pq0h

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  RevoltG.Installer.exe
- Size
  
  565KB
- MD5
  
  bfb3135262e74dd36ff9202a1e5c283e
- SHA1
  
  5c5235392f8e6386c0789f310088b1f9850c9073
- SHA256
  
  b0ccc2d765e0be5f10788374290b4e7e0bf65fa6c70f1e210933ebfa14b308e1
- SHA512
  
  a53a02f98718dfec785f1161e1a49e5c80afb01a3a34945ac1af5f2cd7ee76fd4bc390fa50295851ac78ed460923cf9e90dae96646cb372a7ae5681e30d93860
- SSDEEP
  
  6144:r6bnkKO2bo92MrACNftaE30yUcRXCkys/BLbMemV7bTb89PMtB8BPqZ6Kuh:rHtEMJN/EyUIX54dT7t+Pq0h
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2