Overview

overview

10

Static

static

Quotation #01521.exe

windows7_x64

10

Quotation #01521.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation #01521.exe

  • Size

    816KB

  • Sample

    210105-nbpajjepkn

  • MD5

    73619a5f7eab7a80e0fbbd5c8493c9b4

  • SHA1

    84db67126574c21ef3233518452876ad123b4aa1

  • SHA256

    7a538b979c2a126fb287ed7bbb18ac55687273dfbac2c09de85f073c9bf5e3df

  • SHA512

    b92f4239da62411edcbf2378e67e28a307752f1b55d5977527e83069630a5d9894bb4f7138473da42f183b6fc5cdcb334aff76805acbae6908b35ed8716940c4

Score
10/10
revengerat2021persistencestealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

2021

C2

chongmei33.myddns.rocks:57438

37.120.208.40:57438
Mutex

RV_MUTEX-ITXZMONFueOciqX

Targets

    • Target

      Quotation #01521.exe

    • Size

      816KB

    • MD5

      73619a5f7eab7a80e0fbbd5c8493c9b4

    • SHA1

      84db67126574c21ef3233518452876ad123b4aa1

    • SHA256

      7a538b979c2a126fb287ed7bbb18ac55687273dfbac2c09de85f073c9bf5e3df

    • SHA512

      b92f4239da62411edcbf2378e67e28a307752f1b55d5977527e83069630a5d9894bb4f7138473da42f183b6fc5cdcb334aff76805acbae6908b35ed8716940c4

    Score
    10/10
    revengerat2021persistencestealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks