General

  • Target

    0063f6a96b61507a769319cf8f9a3f97d9bef5e266636e2e0b94c41784f3536e

  • Size

    967KB

  • Sample

    220502-vqz6vsdeaj

  • MD5

    ee2fe8acd41c86fead2525b4420a5956

  • SHA1

    991f74f3f33de2757af89c1e62090a9703f21fc2

  • SHA256

    0063f6a96b61507a769319cf8f9a3f97d9bef5e266636e2e0b94c41784f3536e

  • SHA512

    ed19c53ae47fa77a6e45c479f40bc240373b76ca63d56c77f15cefb3885bbb4f7bca447a30c34b8846cc611d966d2d21487495ce2ed0d78c627d73c7ef2e7a78

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    noip

  • C2

    redlan.hopto.org:3344

    (hopto.org is a No-IP dynamic-DNS domain, consistent with the botnet label above; the resolved IP address can change at any time, so hunt on the hostname and TCP port rather than on a single IP.)

  • Mutex

    RV_MUTEX-EUnoWrUUgHRHX

Targets

    • Target

      0063f6a96b61507a769319cf8f9a3f97d9bef5e266636e2e0b94c41784f3536e

      (Same file as under General; size and MD5/SHA1/SHA256/SHA512 are as listed there.)

    • Signatures

      RevengeRAT
        Remote-access trojan with a wide range of capabilities.

      RevengeRAT executable
        The sample matches the sandbox's RevengeRAT family rule (configuration extracted above).

      Drops startup file
        A file was written to a Startup folder, a common user-level persistence mechanism.

      Suspicious use of SetThreadContext
        SetThreadContext called on another process's thread, the usual marker of process hollowing / thread hijacking used to run the payload inside a legitimate host process.
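The extracted configuration and the signatures above translate directly into hunting checks. The following Python is an added example, not part of the sandbox report or of any RevengeRAT tooling: it takes the C2, mutex and SHA256 from the report, runs them over constructed key=value telemetry (the hostnames other than the C2, the TEST-NET IP addresses, user names and file names are made up), and learns the C2's current IP from a DNS answer before attributing network connections to it, because the hostname is dynamic DNS. The mutex-prefix regex (RevengeRAT naming its mutex "RV_MUTEX-" plus a random token) and the Startup-folder path pattern are assumptions, not facts stated in the report.

```python
"""Turn the extracted RevengeRAT config into hunting checks and run them over
constructed telemetry. Added example, not part of the sandbox report."""
import re
from typing import Dict, List, Set, Tuple

# Indicators copied verbatim from the report above.
CONFIG = {
    "c2": "redlan.hopto.org:3344",
    "mutex": "RV_MUTEX-EUnoWrUUgHRHX",
    "sha256": "0063f6a96b61507a769319cf8f9a3f97d9bef5e266636e2e0b94c41784f3536e",
}

# Assumption (not stated in the report): RevengeRAT names its mutex
# "RV_MUTEX-" plus a random token, so a prefix match also flags other builds.
MUTEX_RE = re.compile(r"^RV_MUTEX-[A-Za-z0-9]+$")

# Per-user Startup folder, for the "Drops startup file" signature (assumed path).
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Constructed telemetry in key=value form (quoted values may contain spaces).
# IPs are from TEST-NET-3 / example.com; user and file names are invented.
SAMPLE_LOG = [
    'event=process image="C:\\Users\\alice\\Downloads\\invoice.exe" '
    'sha256=0063f6a96b61507a769319cf8f9a3f97d9bef5e266636e2e0b94c41784f3536e',
    'event=dns query=redlan.hopto.org answer=203.0.113.10',
    'event=netconn dst=203.0.113.10 dport=3344 image="C:\\Users\\alice\\Downloads\\invoice.exe"',
    'event=mutex name=RV_MUTEX-EUnoWrUUgHRHX',
    'event=filecreate path="C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows'
    '\\Start Menu\\Programs\\Startup\\invoice.exe"',
    'event=mutex name=RV_MUTEX-QqBnA8k2',
    'event=netconn dst=93.184.216.34 dport=443 image="C:\\Program Files\\Mozilla Firefox\\firefox.exe"',
    'event=mutex name=Global\\MyAppSingleton',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'k=v k="v with spaces"' line into a dict."""
    return {k: quoted or bare for k, quoted, bare in _KV.findall(line)}


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' from the config into (lower-cased host, port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def scan(lines: List[str], config: Dict[str, str]) -> List[Tuple[int, str]]:
    """Return (line number, reason) for every line that matches an indicator.

    The C2 is a dynamic-DNS name, so its IP is not a stable indicator: the IP is
    learned from DNS answers seen earlier in the log, and only connections to a
    learned IP are attributed to the C2 (on the configured port or otherwise).
    """
    c2_host, c2_port = parse_c2(config["c2"])
    resolved: Set[str] = set()
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        kind = ev.get("event")
        if ev.get("sha256", "").lower() == config["sha256"]:
            hits.append((n, "hash of the analysed sample"))
        if kind == "dns" and ev.get("query", "").lower() == c2_host:
            resolved.add(ev.get("answer", ""))
            hits.append((n, f"DNS query for C2 host {c2_host}"))
        elif kind == "netconn" and ev.get("dst") in resolved:
            port = int(ev.get("dport", "0"))
            what = "configured C2 port" if port == c2_port else f"unexpected port {port}"
            hits.append((n, f"connection to resolved C2 address on {what}"))
        elif kind == "mutex":
            name = ev.get("name", "")
            if name == config["mutex"]:
                hits.append((n, "mutex of this exact build"))
            elif MUTEX_RE.match(name):
                hits.append((n, "RevengeRAT-style mutex from another build"))
        elif kind == "filecreate" and STARTUP_RE.search(ev.get("path", "")):
            hits.append((n, "executable dropped into the Startup folder"))
    return hits


if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG, CONFIG):
        print(f"line {n}: {reason}")
```

In the constructed log the first six lines match (hash, DNS lookup, connection to the learned IP on 3344, the sample's own mutex, the Startup drop, a differently-tokened RV_MUTEX), while the Firefox connection and the unrelated mutex do not; a connection to 203.0.113.10 seen without a preceding DNS answer for the C2 host is deliberately not attributed, since with dynamic DNS that address alone proves nothing.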

MITRE ATT&CK Matrix (ATT&CK v6)

  Discovery

    • T1012 Query Registry (1)

    • T1082 System Information Discovery (1)

Tasks