revengerat | 3088fcd46c51e7ace8aee4e9bfb018aa1d0b0a52fbea62e5ef121e4fe637ebfc | Triage

Sharing

General

Target

3088fcd46c51e7ace8aee4e9bfb018aa1d0b0a52fbea62e5ef121e4fe637ebfc
Size

45KB
Sample

220128-1k92rseceq
MD5

63c5e64fd30104fdcd110195fe5ab80b
SHA1

4ae03d50984dfc366baaf8d975a552f53713b85f
SHA256

3088fcd46c51e7ace8aee4e9bfb018aa1d0b0a52fbea62e5ef121e4fe637ebfc
SHA512

f5c4ed20cc010d6128c8d1c8a48469d32f3c944eec4b2878a8d3a207492ec16e2e975135fce6c22a7809d204df74ef2f01246914f22d0a8a1468da3e76d4d7eb

Score

10^/10

revengerat cdt4.0 stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

CDT4.0

C2

office365update.duckdns.org:3000

office365update.duckdns.org:4000

systen32.ddns.net:3000

systen32.ddns.net:4000

Mutex

RV_MUTEX-WindowsUpdateSysten32

Targets

- Target
  
  3088fcd46c51e7ace8aee4e9bfb018aa1d0b0a52fbea62e5ef121e4fe637ebfc
- Size
  
  45KB
- MD5
  
  63c5e64fd30104fdcd110195fe5ab80b
- SHA1
  
  4ae03d50984dfc366baaf8d975a552f53713b85f
- SHA256
  
  3088fcd46c51e7ace8aee4e9bfb018aa1d0b0a52fbea62e5ef121e4fe637ebfc
- SHA512
  
  f5c4ed20cc010d6128c8d1c8a48469d32f3c944eec4b2878a8d3a207492ec16e2e975135fce6c22a7809d204df74ef2f01246914f22d0a8a1468da3e76d4d7eb
Score

10^/10

revengerat cdt4.0 stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratcdt4.0stealertrojan

behavioral2

revengeratcdt4.0stealertrojan