Overview

overview

10

Static

static

3

Anti-AFK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Anti-AFK.exe

  • Size

    1.0MB

  • Sample

    250413-ezqe1syyhy

  • MD5

    d123427182e9ec7b19765f32fc159719

  • SHA1

    3c171e57af9aec12bbe63065149b9a63a7d53e11

  • SHA256

    07dfacdc603bb28beb153f81bb4519a7239bdcf8411e5c5f7c26b54ceb5a3865

  • SHA512

    7efea1b0914bdd4c29363ca782495cb88fc4a81bcde2ce39b7cae83bd57bf27334eef3e08c3131250f8bbc4b4f466fcacab1c22c1369cc860ba87d43a1fa8534

  • SSDEEP

    24576:ozbQfQjWKM072B6PUppfZkyE3ScFYTYwYkPBlIpFIa:ofQfiZ7q/ruyE3SSY0wYkZ

Score
10/10
revengeratdiscoverystealertrojan

Malware Config

Targets

    • Target

      Anti-AFK.exe

    • Size

      1.0MB

    • MD5

      d123427182e9ec7b19765f32fc159719

    • SHA1

      3c171e57af9aec12bbe63065149b9a63a7d53e11

    • SHA256

      07dfacdc603bb28beb153f81bb4519a7239bdcf8411e5c5f7c26b54ceb5a3865

    • SHA512

      7efea1b0914bdd4c29363ca782495cb88fc4a81bcde2ce39b7cae83bd57bf27334eef3e08c3131250f8bbc4b4f466fcacab1c22c1369cc860ba87d43a1fa8534

    • SSDEEP

      24576:ozbQfQjWKM072B6PUppfZkyE3ScFYTYwYkPBlIpFIa:ofQfiZ7q/ruyE3SSY0wYkZ

    Score
    10/10
    revengeratdiscoverystealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Revengerat family

      revengerat

    • RevengeRat Executable

      stealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks