revengerat | 3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3 | Triage

Sharing

General

Target

3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3
Size

45KB
Sample

220219-k1c4zabbfj
MD5

61daa29f8789c8955145c4fd95d082a2
SHA1

92277533be60b333f4e79b1f6e5d821cfa9f818e
SHA256

3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3
SHA512

21dc0806c3337121cb68ed5a4d552fac992371b02fbbb664dd703c6cf586082d02c74db82261405e1af6acab3524c0b48eed12d1270cdfa5c9fc0a3faa2757b3

Score

10^/10

revengerat client trojan

Malware Config

Extracted

Family

revengerat

Botnet

Client

C2

kimjoy.ddns.net:2021

Mutex

RXQLV8XYTDNHNSA

Targets

- Target
  
  3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3
- Size
  
  45KB
- MD5
  
  61daa29f8789c8955145c4fd95d082a2
- SHA1
  
  92277533be60b333f4e79b1f6e5d821cfa9f818e
- SHA256
  
  3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3
- SHA512
  
  21dc0806c3337121cb68ed5a4d552fac992371b02fbbb664dd703c6cf586082d02c74db82261405e1af6acab3524c0b48eed12d1270cdfa5c9fc0a3faa2757b3
Score

10^/10

revengerat client trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

revengeratclienttrojan