Overview

overview

10

Static

static

Docs draft...rm.exe

windows7_x64

10

Docs draft...rm.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Docs draft comfirm.exe

  • Size

    634KB

  • Sample

    210602-86h2p513je

  • MD5

    06b489cf55e5fb333ae93d27b8cfc520

  • SHA1

    1d6657688be52c19e80bf600e669b83380418c28

  • SHA256

    f2144d80f6316ad2fc3d92b1371e6b10fc620ddf38dc3d231a307627bad15b71

  • SHA512

    ce4f269964a19722b29e295a5ee5cb4dac0aca5522e3bb9c82e19970a489015e20104bcd78b5f9cd47cf84aceae7b36715095a07352984158f685f8d41ff09a0

Score
10/10
revengeratevapimptrojan

Malware Config

Extracted

Family

revengerat

Botnet

EVAPIMP

C2

canarybeachhotel.sa:2028

Mutex

RV_MUTEX-QD45QIW83Y0M3H43IAX1P6

Targets

    • Target

      Docs draft comfirm.exe

    • Size

      634KB

    • MD5

      06b489cf55e5fb333ae93d27b8cfc520

    • SHA1

      1d6657688be52c19e80bf600e669b83380418c28

    • SHA256

      f2144d80f6316ad2fc3d92b1371e6b10fc620ddf38dc3d231a307627bad15b71

    • SHA512

      ce4f269964a19722b29e295a5ee5cb4dac0aca5522e3bb9c82e19970a489015e20104bcd78b5f9cd47cf84aceae7b36715095a07352984158f685f8d41ff09a0

    Score
    10/10
    revengeratevapimptrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks