14239f779476ffd6a6a5e3f61e8a3c25463ac44a726ab3ebd7305390a9a1c909 | Triage

Sharing

General

Target

SecuriteInfo.com.BackDoor.RevetRat.2.8146.13970
Size

226KB
Sample

220107-stnacscgfp
MD5

630ffbde8b5a7fb2c6bfc043fa26dc71
SHA1

09cb118f084da39aaa19ac5d0faffb5842042607
SHA256

14239f779476ffd6a6a5e3f61e8a3c25463ac44a726ab3ebd7305390a9a1c909
SHA512

7b01979c034f4b29f7a97edeb178e503a45ed58abfd88348618e135462956af5c276a01ebe0c9b55eb74fd8a5fba7983425cd540e0a913684548cdb51ef0268b

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  SecuriteInfo.com.BackDoor.RevetRat.2.8146.13970
- Size
  
  226KB
- MD5
  
  630ffbde8b5a7fb2c6bfc043fa26dc71
- SHA1
  
  09cb118f084da39aaa19ac5d0faffb5842042607
- SHA256
  
  14239f779476ffd6a6a5e3f61e8a3c25463ac44a726ab3ebd7305390a9a1c909
- SHA512
  
  7b01979c034f4b29f7a97edeb178e503a45ed58abfd88348618e135462956af5c276a01ebe0c9b55eb74fd8a5fba7983425cd540e0a913684548cdb51ef0268b
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2