Overview

overview

10

Static

static

1538bdbcaa...80.exe

windows7_x64

10

1538bdbcaa...80.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1538bdbcaa726662785bd503063af939f08260b45400292592bf63caa4d8a280

  • Size

    254KB

  • Sample

    220326-ctn9nacagq

  • MD5

    2e0028323603aa6918e38e0c92755825

  • SHA1

    f477007ed48ad39afb53d5c82383bc99423fb2ef

  • SHA256

    1538bdbcaa726662785bd503063af939f08260b45400292592bf63caa4d8a280

  • SHA512

    2de163f12b6ae8ca02ece0b94c9dc9fa24f8d645f8ac2ebc054b6e141aa0204073f50cf357cdfb74979ed164f1a5af01262270bc7ba60486a69dc24005ed8df0

Score
10/10
revengeratnovstealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

Nov

C2

80.82.68.21:3333

Mutex

RV_MUTEX-IgZblRvZwfRt

Targets

    • Target

      1538bdbcaa726662785bd503063af939f08260b45400292592bf63caa4d8a280

    • Size

      254KB

    • MD5

      2e0028323603aa6918e38e0c92755825

    • SHA1

      f477007ed48ad39afb53d5c82383bc99423fb2ef

    • SHA256

      1538bdbcaa726662785bd503063af939f08260b45400292592bf63caa4d8a280

    • SHA512

      2de163f12b6ae8ca02ece0b94c9dc9fa24f8d645f8ac2ebc054b6e141aa0204073f50cf357cdfb74979ed164f1a5af01262270bc7ba60486a69dc24005ed8df0

    Score
    10/10
    revengeratnovstealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • RevengeRat Executable

      stealer

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks