General

  • Target

    xuhHcXaf.exe

  • Size

    17KB

  • Sample

    201229-9j37hp1y9j

  • MD5

    c27671f8918a8dab7a62d5cb2610a84a

  • SHA1

    5374d090cca0730bb48e1308c87ba1eb33d7474e

  • SHA256

    ce33e156cf93f70c1e265b51a623a040c42d54c90af89d701c55c4ecdb33e203

  • SHA512

    0be78696c1924b9db2a88f2ad4fdd24cfe476a57561a03172ba845ddd8ca4d7e47f38f2083dff33a0a0e98ca4fcf5fe9b4bb8623600cd8c277decc89921ddd46

Malware Config

Extracted

Family

revengerat

Botnet

figaro

C2

185.204.1.236:3312

Mutex

RV_MUTEX-mheVqDyMpzZJHOw

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks