Overview

overview

10

Static

static

MID REF. Q...77.exe

windows7_x64

10

MID REF. Q...77.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MID REF. QT-MID19=11777.exe

  • Size

    991KB

  • Sample

    210607-l73rvl7mvx

  • MD5

    39082bcd7e25ae956fccb7e941d5256d

  • SHA1

    8b4f9fd2198af765dcce75c0222919c638e4fa29

  • SHA256

    05233a50ac2c427372ab8475a2f4dc5f031f87af0cc916dc824a2c66837afc4e

  • SHA512

    dff7aba7f2e5bb65d1aa506a1f6770f4f7761aa17f28bfcdaca407b0aa7ae3b6bf0fd3599fc0dd979418313c4aa26930aec99ed89ba420811cdce9010940f41c

Score
10/10
revengeratdegracetrojan

Malware Config

Extracted

Family

revengerat

Botnet

DEGRACE

C2

77.247.110.178:5040

Mutex

RV_MUTEX-MB4S0YIGA6UFWH10GXQLHP

Targets

    • Target

      MID REF. QT-MID19=11777.exe

    • Size

      991KB

    • MD5

      39082bcd7e25ae956fccb7e941d5256d

    • SHA1

      8b4f9fd2198af765dcce75c0222919c638e4fa29

    • SHA256

      05233a50ac2c427372ab8475a2f4dc5f031f87af0cc916dc824a2c66837afc4e

    • SHA512

      dff7aba7f2e5bb65d1aa506a1f6770f4f7761aa17f28bfcdaca407b0aa7ae3b6bf0fd3599fc0dd979418313c4aa26930aec99ed89ba420811cdce9010940f41c

    Score
    10/10
    revengeratdegracetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks