General

  • Target

    Swift MT103 & Bank Details,pdf.exe

  • Size

    783KB

  • Sample

    210607-l1m6bm93v2

  • MD5

    c7b6950fc14795d0c9df548d62ccbf78

  • SHA1

    5c8bd970726639a931d011123c7dd7cb3bb91352

  • SHA256

    f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98

  • SHA512

    e033ee11b5fabe72f9cbf11b9af8b701300ee4d6955ce1b6a72b25fcdcf29149e4d1d2e370a53d75a4180ece064d383f1622f141123abdeed8017e01b6c34009

Malware Config

Extracted

Family

revengerat

Botnet

BILLION

C2

rej.rejgroups.com:4040

Mutex

RV_MUTEX-Y6F7MMH6M66HDLJMYP6B6P
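
The extracted configuration is what a responder turns into concrete checks: file hashes to match against other submissions, the C2 host:port to hunt in DNS/proxy/firewall logs, and the mutex to look for on live hosts. The script below is an added example and not the sandbox's own tooling. It copies the hashes, the C2 endpoint, the botnet ID and the mutex from this report; the assumption that RevengeRAT mutexes share the RV_MUTEX- prefix, the pattern for the double-extension lure used in this sample's filename ("Bank Details,pdf.exe") and every log line are this example's own constructions.

```python
"""IOC triage helpers for the RevengeRAT sample in this report.

Added example; not the sandbox's own tooling. The hash values, C2
endpoint, botnet ID and mutex are copied from the report. Every file
content and log line used below is constructed for illustration.
"""
import hashlib
import re

# Indicators extracted in the report.
SAMPLE_HASHES = {
    "md5": "c7b6950fc14795d0c9df548d62ccbf78",
    "sha1": "5c8bd970726639a931d011123c7dd7cb3bb91352",
    "sha256": "f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98",
}
C2_HOST = "rej.rejgroups.com"
C2_PORT = 4040
BOTNET_ID = "BILLION"
SAMPLE_MUTEX = "RV_MUTEX-Y6F7MMH6M66HDLJMYP6B6P"

# Assumption: RevengeRAT builds name their mutex "RV_MUTEX-<random>", so the
# prefix is matched instead of only this sample's exact value.
MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Z0-9]{10,}$")

# Double-extension lure as in this sample's filename: a document-looking
# token, then the real executable extension. The separator before the fake
# extension may be ".", "," or whitespace ("Bank Details,pdf.exe").
LURE_RE = re.compile(
    r"[.,\s](pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.(exe|scr|com|pif|bat|cmd|js|vbs)$",
    re.IGNORECASE,
)

# C2 host optionally followed by ":port". The lookahead stops the pattern
# matching a longer name such as rej.rejgroups.com.example.
C2_RE = re.compile(re.escape(C2_HOST) + r"(?::(\d{1,5}))?(?![\w.-])", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True when any digest of data equals the report's value for that algorithm."""
    digests = hash_bytes(data)
    return any(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def is_lure_filename(name: str) -> bool:
    """True for names like 'Swift MT103 & Bank Details,pdf.exe'."""
    return LURE_RE.search(name) is not None


def is_revengerat_mutex(name: str) -> bool:
    """True for mutex names following the RV_MUTEX-<random> pattern."""
    return MUTEX_RE.match(name) is not None


def scan_log_lines(lines):
    """Return (kind, line) pairs for lines that reference the C2 host.

    kind is "connection" when the C2 port is present (a real connection
    attempt) and "lookup" otherwise (typically a DNS query), since the
    former is the stronger signal.
    """
    hits = []
    for line in lines:
        m = C2_RE.search(line)
        if m is None:
            continue
        port = int(m.group(1)) if m.group(1) else None
        hits.append(("connection" if port == C2_PORT else "lookup", line.strip()))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOGS = [
    "2021-06-07T13:02:11Z dns client=10.0.0.12 qname=rej.rejgroups.com type=A",
    "2021-06-07T13:02:12Z fw ALLOW tcp 10.0.0.12:49731 -> rej.rejgroups.com:4040",
    "2021-06-07T13:02:13Z fw ALLOW tcp 10.0.0.12:49732 -> updates.example.org:443",
]

if __name__ == "__main__":
    for kind, line in scan_log_lines(SAMPLE_LOGS):
        print(kind, line)
    print(is_lure_filename("Swift MT103 & Bank Details,pdf.exe"))
    print(is_revengerat_mutex(SAMPLE_MUTEX))
```

Match the hashes first, then the C2 host, then the mutex prefix: the hashes identify only this exact build, the C2 hostname survives recompilation of the same campaign, and the mutex prefix catches other RevengeRAT builds at the cost of more false positives, so the three checks answer different questions.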

Targets

    • Target

      Swift MT103 & Bank Details,pdf.exe

    • Size

      783KB

    • MD5

      c7b6950fc14795d0c9df548d62ccbf78

    • SHA1

      5c8bd970726639a931d011123c7dd7cb3bb91352

    • SHA256

      f24016eadd5ac1e6ce3822d0ffb92459e9455fcf15fa93703e5cddb34151ad98

    • SHA512

      e033ee11b5fabe72f9cbf11b9af8b701300ee4d6955ce1b6a72b25fcdcf29149e4d1d2e370a53d75a4180ece064d383f1622f141123abdeed8017e01b6c34009

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities; the configuration extracted above (botnet ID, C2 host:port, mutex) is the RevengeRAT config recovered from this sample.

    • Suspicious use of SetThreadContext

      SetThreadContext called on a thread of another process, the step that redirects execution in process hollowing and similar injection. On its own it indicates injection-style behaviour, not which payload was injected.

MITRE ATT&CK Matrix ATT&CK v6

Tactic                 Technique                      Hits  ID
Execution              Scheduled Task                 1     T1053
Persistence            Scheduled Task                 1     T1053
Privilege Escalation   Scheduled Task                 1     T1053
Discovery              System Information Discovery   2     T1082
Discovery              Query Registry                 1     T1012
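
Execution, Persistence and Privilege Escalation all resolve to the single technique T1053 because one scheduled task can run the payload now, re-run it at every logon or boot, and request the highest integrity level the creating user can get. The script below is an added example, not part of the sandbox report, showing how a detection engineer would triage the Windows Security event that records a task creation, 4698, for exactly those three properties. The two events are constructed; the event and task-scheduler namespace URIs are the ones Windows actually uses; the list of user-writable paths and the trigger types treated as persistence are this example's assumptions.

```python
"""Triage Windows Security event 4698 (scheduled task created) for T1053.

Added example; not part of the sandbox report. The two events below are
constructed; the namespace URIs are the real ones Windows uses.
"""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumption: user-writable locations a legitimate persistence task rarely runs from.
SUSPICIOUS_PATH = re.compile(
    r"\\AppData\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%|\\Temp\\|\\ProgramData\\|\\Users\\Public\\",
    re.IGNORECASE,
)
# Assumption: trigger types that make a task a persistence mechanism.
PERSISTENCE_TRIGGERS = {"LogonTrigger", "BootTrigger", "RegistrationTrigger"}


def parse_4698(event_xml: str) -> dict:
    """Pull the task definition out of a 4698 event's TaskContent field."""
    root = ET.fromstring(event_xml)
    data = {d.get("Name"): (d.text or "")
            for d in root.findall(".//e:EventData/e:Data", EVT_NS)}
    # TaskContent is the task XML, escaped, and starts with an encoding="UTF-16"
    # declaration that no longer describes the string we hold; drop it first.
    content = re.sub(r"^\s*<\?xml[^>]*\?>", "", data["TaskContent"])
    task = ET.fromstring(content)
    command = arguments = ""
    exec_node = task.find(".//t:Actions/t:Exec", TASK_NS)
    if exec_node is not None:
        command = exec_node.findtext("t:Command", default="", namespaces=TASK_NS)
        arguments = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS)
    triggers = task.find("t:Triggers", TASK_NS)
    return {
        "user": data.get("SubjectUserName", ""),
        "task_name": data.get("TaskName", ""),
        "command": command,
        "arguments": arguments,
        "run_level": task.findtext(".//t:Principal/t:RunLevel", default="", namespaces=TASK_NS),
        "triggers": [] if triggers is None else [c.tag.split("}")[-1] for c in triggers],
    }


def triage(event_xml: str) -> list:
    """Return the reasons a task looks like T1053 abuse; empty means no finding."""
    info = parse_4698(event_xml)
    reasons = []
    if SUSPICIOUS_PATH.search(info["command"] + " " + info["arguments"]):
        reasons.append("execution: action runs from a user-writable path")
    if PERSISTENCE_TRIGGERS & set(info["triggers"]):
        reasons.append("persistence: logon/boot trigger")
    if info["run_level"] == "HighestAvailable":
        reasons.append("privilege escalation: RunLevel HighestAvailable")
    return reasons


def make_event(user: str, task_name: str, task_xml: str) -> str:
    """Build a minimal 4698 event shaped like the Security log's XML (constructed)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><EventID>4698</EventID></System><EventData>'
        f'<Data Name="SubjectUserName">{escape(user)}</Data>'
        f'<Data Name="TaskName">{escape(task_name)}</Data>'
        f'<Data Name="TaskContent">{escape(task_xml)}</Data>'
        '</EventData></Event>'
    )


TASK_NS_URI = TASK_NS["t"]
# Constructed: payload in the roaming profile, runs at logon, asks for highest privileges.
MALICIOUS_4698 = make_event("alice", "\\Updater", (
    '<?xml version="1.0" encoding="UTF-16"?>'
    f'<Task version="1.2" xmlns="{TASK_NS_URI}">'
    '<Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>'
    '<Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>'
    '<Actions Context="Author"><Exec>'
    '<Command>C:\\Users\\alice\\AppData\\Roaming\\svchost.exe</Command>'
    '<Arguments>/silent</Arguments></Exec></Actions></Task>'
))
# Constructed: vendor updater under Program Files on a daily calendar trigger.
BENIGN_4698 = make_event("SYSTEM", "\\Vendor\\Update", (
    '<?xml version="1.0" encoding="UTF-16"?>'
    f'<Task version="1.2" xmlns="{TASK_NS_URI}">'
    '<Triggers><CalendarTrigger><StartBoundary>2021-06-07T03:00:00</StartBoundary></CalendarTrigger></Triggers>'
    '<Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>'
    '<Actions Context="Author"><Exec><Command>C:\\Program Files\\Vendor\\updater.exe</Command></Exec></Actions></Task>'
))

if __name__ == "__main__":
    for label, event in (("malicious", MALICIOUS_4698), ("benign", BENIGN_4698)):
        print(label, triage(event))
```

Event 4698 is only written when the "Audit Other Object Access Events" subcategory is enabled, so check the audit policy before relying on this; on hosts without it, the same task XML can be read from C:\Windows\System32\Tasks and fed to the same parser.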

Tasks