revengerat | f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98 | Triage

Sharing

General

Target

Swift MT103 & Bank Details,pdf.exe
Size

783KB
Sample

210607-l1m6bm93v2
MD5

c7b6950fc14795d0c9df548d62ccbf78
SHA1

5c8bd970726639a931d011123c7dd7cb3bb91352
SHA256

f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98
SHA512

e033ee11b5fabe72f9cbf11b9af8b701300ee4d6955ce1b6a72b25fcdcf29149e4d1d2e370a53d75a4180ece064d383f1622f141123abdeed8017e01b6c34009

Score

10^/10

revengerat billion trojan

Malware Config

Extracted

Family

revengerat

Botnet

BILLION

C2

rej.rejgroups.com:4040

Mutex

RV_MUTEX-Y6F7MMH6M66HDLJMYP6B6P

Targets

- Target
  
  Swift MT103 & Bank Details,pdf.exe
- Size
  
  783KB
- MD5
  
  c7b6950fc14795d0c9df548d62ccbf78
- SHA1
  
  5c8bd970726639a931d011123c7dd7cb3bb91352
- SHA256
  
  f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98
- SHA512
  
  e033ee11b5fabe72f9cbf11b9af8b701300ee4d6955ce1b6a72b25fcdcf29149e4d1d2e370a53d75a4180ece064d383f1622f141123abdeed8017e01b6c34009
Score

10^/10

revengerat billion trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratbilliontrojan

behavioral2

revengeratbilliontrojan