Overview

overview

10

Static

static

f7f42dfc07...60.vbs

windows7_x64

3

f7f42dfc07...60.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260

  • Size

    458KB

  • Sample

    220219-kzx3raabd4

  • MD5

    19a61aa2ec75f1708f03c8087d2c896f

  • SHA1

    ba5e80d5e7bd659629a1ff6315f6826666602bc7

  • SHA256

    f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260

  • SHA512

    eed10f44eb45921f27f4a9733e71302cd70b3d5209ccb2696b99fdce10a415f04b489bdad30b5d80311d4f6ee09d9833d8d2e92c981a3ea33784c4202ef65694

Score
10/10
revengeratclienttrojan

Malware Config

Extracted

Family

revengerat

Botnet

Client

C2

kimjoy.ddns.net:6699

Mutex

S1NTYL5X286LOEH

Targets

    • Target

      f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260

    • Size

      458KB

    • MD5

      19a61aa2ec75f1708f03c8087d2c896f

    • SHA1

      ba5e80d5e7bd659629a1ff6315f6826666602bc7

    • SHA256

      f7f42dfc0745edd972064828479c2f022e841cc0a7d49e13f02a2b66f25fb260

    • SHA512

      eed10f44eb45921f27f4a9733e71302cd70b3d5209ccb2696b99fdce10a415f04b489bdad30b5d80311d4f6ee09d9833d8d2e92c981a3ea33784c4202ef65694

    Score
    10/10
    revengeratclienttrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks