Overview

overview

10

Static

static

10

f08b4bf9d6...fe.exe

windows7_x64

7

f08b4bf9d6...fe.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe

  • Size

    17KB

  • Sample

    220205-j3fgfahdd5

  • MD5

    0282e3f3c85d9dc212922206b57c075f

  • SHA1

    a91370bc6c253102f091489f65580f6318e2f3ca

  • SHA256

    f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe

  • SHA512

    bdd5021930bca1cf2f68f01593ee223815fa49d2a7c2dfc530fa7a4098eb74e12195beea8c743a5e8dd326ce1af5198268a4ae8721257c747feebb67d8e0d6e5

Score
10/10
revengeratguestpersistencestealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

windowuser.ddns.net:1117

Mutex

RV_MUTEX

Targets

    • Target

      f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe

    • Size

      17KB

    • MD5

      0282e3f3c85d9dc212922206b57c075f

    • SHA1

      a91370bc6c253102f091489f65580f6318e2f3ca

    • SHA256

      f08b4bf9d69bb3d0d8331da658d55642c03537ce985075b9c95ba6dfc69587fe

    • SHA512

      bdd5021930bca1cf2f68f01593ee223815fa49d2a7c2dfc530fa7a4098eb74e12195beea8c743a5e8dd326ce1af5198268a4ae8721257c747feebb67d8e0d6e5

    Score
    8/10
    persistence

    • Sets service image path in registry

      persistence

    • Drops startup file

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks