General

  • Target

    ZCgngKMK.exe

  • Size

    27KB

  • Sample

    201221-tapy6zab4n

  • MD5

    038265381c07bdfe9e316ee37300deaa

  • SHA1

    3acf06557ebe350907ce0ffbe21679e4a1cbb9b3

  • SHA256

    db5eb754fff22b0478702d838e7b0e4d7285e8859a4bcf6fe1288ca83ff16a8b

  • SHA512

    e83bee3420124a2ff829464b926c86f35736e51fae0baafeb18bbd253df7135bf661a951859dc857807f76f0fa7bd33bc79bc2a9a1f6e8ab687afa8b4f86692f

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Guest

  • C2

    Rigisterio-37154.portmap.host:37154

  • Mutex

    RV_MUTEX-DCGRFbTXZMONF

Targets

    • Target

      ZCgngKMK.exe

    • Size

      27KB

    • MD5

      038265381c07bdfe9e316ee37300deaa

    • SHA1

      3acf06557ebe350907ce0ffbe21679e4a1cbb9b3

    • SHA256

      db5eb754fff22b0478702d838e7b0e4d7285e8859a4bcf6fe1288ca83ff16a8b

    • SHA512

      e83bee3420124a2ff829464b926c86f35736e51fae0baafeb18bbd253df7135bf661a951859dc857807f76f0fa7bd33bc79bc2a9a1f6e8ab687afa8b4f86692f

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks