General

  • Target

    c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5

  • Size

    158KB

  • Sample

    220319-vbhy2aebd7

  • MD5

    31a1ca812ea498de949a1fbf05fa6acc

  • SHA1

    cfa6b8f13e9388a068f66614f1afb615112a3dc1

  • SHA256

    c411b538758c6a43014cc15b7eb76dfbc036f9960463f464980f1b8e7f392da5

  • SHA512

    e076f2c1dfcced6a1b0798fb557d9af4a5b6d142a64f866c1dd36d497a4b1a765322faa392210ae704f5092c90067ddcd0104de79d7d83e59fa0ed0337e1b89f

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    000000000

  • C2

    github-58677.portmap.io:58677
    github-58677.portmap.io:3333
    anunankis1.duckdns.org:58677
    anunankis1.duckdns.org:3333
    anunankis10.duckdns.org:58677
    anunankis10.duckdns.org:3333

  • Mutex

    RV_MUTEX

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
