Overview

overview

10

Static

static

Inquiry fo...21.exe

windows7_x64

10

Inquiry fo...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inquiry for PR#420002721.exe

  • Size

    1.5MB

  • Sample

    210607-98pvybcl3j

  • MD5

    dde13188551677147b0011ba37b4c844

  • SHA1

    055c798b8e54c4079a8b16df421571d09b5dc7b6

  • SHA256

    ef7e26f9256f7c41a9c0834cce3ba599c4cbcc857ab87a7fcc4b50ccebe5b813

  • SHA512

    3d8ad5274902b4e94fd49fab1879a8dead74656e4904d690813239874e4b4ff0bf9dab18bb6e9524bfebd2788c86d25f803f57833bde16feb045242664a5fb5e

Score
10/10
revengeratdegracetrojan

Malware Config

Extracted

Family

revengerat

Botnet

DEGRACE

C2

77.247.110.178:5040

Mutex

RV_MUTEX-MB4S0YIGA6UFWH10GXQLHP

Targets

    • Target

      Inquiry for PR#420002721.exe

    • Size

      1.5MB

    • MD5

      dde13188551677147b0011ba37b4c844

    • SHA1

      055c798b8e54c4079a8b16df421571d09b5dc7b6

    • SHA256

      ef7e26f9256f7c41a9c0834cce3ba599c4cbcc857ab87a7fcc4b50ccebe5b813

    • SHA512

      3d8ad5274902b4e94fd49fab1879a8dead74656e4904d690813239874e4b4ff0bf9dab18bb6e9524bfebd2788c86d25f803f57833bde16feb045242664a5fb5e

    Score
    10/10
    revengeratdegracetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks