revengerat | f2144d80f6316ad2fc3d92b1371e6b10fc620ddf38dc3d231a307627bad15b71 | Triage

Sharing

General

Target

Docs draft comfirm.exe
Size

634KB
Sample

210602-86h2p513je
MD5

06b489cf55e5fb333ae93d27b8cfc520
SHA1

1d6657688be52c19e80bf600e669b83380418c28
SHA256

f2144d80f6316ad2fc3d92b1371e6b10fc620ddf38dc3d231a307627bad15b71
SHA512

ce4f269964a19722b29e295a5ee5cb4dac0aca5522e3bb9c82e19970a489015e20104bcd78b5f9cd47cf84aceae7b36715095a07352984158f685f8d41ff09a0

Score

10^/10

revengerat evapimp trojan

Malware Config

Extracted

Family

revengerat

Botnet

EVAPIMP

C2

canarybeachhotel.sa:2028

Mutex

RV_MUTEX-QD45QIW83Y0M3H43IAX1P6

Targets

- Target
  
  Docs draft comfirm.exe
- Size
  
  634KB
- MD5
  
  06b489cf55e5fb333ae93d27b8cfc520
- SHA1
  
  1d6657688be52c19e80bf600e669b83380418c28
- SHA256
  
  f2144d80f6316ad2fc3d92b1371e6b10fc620ddf38dc3d231a307627bad15b71
- SHA512
  
  ce4f269964a19722b29e295a5ee5cb4dac0aca5522e3bb9c82e19970a489015e20104bcd78b5f9cd47cf84aceae7b36715095a07352984158f685f8d41ff09a0
Score

10^/10

revengerat evapimp trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratevapimptrojan

behavioral2

revengeratevapimptrojan