General

  • Target

    83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111

  • Size

    6.5MB

  • Sample

    220501-3d24paahgm

  • MD5

    78ecf15f03e417d8ed95537e51e51ffa

  • SHA1

    c4f92a3f1ae4f520e67fe4f049fbf847c0a1f76f

  • SHA256

    83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111

  • SHA512

    c08096c2a9e10bfa8d1ae22b8226ed3551b0e1663d679309c9c859ac5add87928612e98b97f91cd020756cfe7d56e62892ba33d33c27763d57625e453b94e29b

Malware Config

Targets

    • Target

      83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111

    • Size

      6.5MB

    • MD5

      78ecf15f03e417d8ed95537e51e51ffa

    • SHA1

      c4f92a3f1ae4f520e67fe4f049fbf847c0a1f76f

    • SHA256

      83a144d39dc86fa698a0138c57790e5f4b3728abd66bab8905b2f0eaf6dba111

    • SHA512

      c08096c2a9e10bfa8d1ae22b8226ed3551b0e1663d679309c9c859ac5add87928612e98b97f91cd020756cfe7d56e62892ba33d33c27763d57625e453b94e29b

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks