Overview

overview

10

Static

static

37b319541d...69.exe

windows7_x64

6

37b319541d...69.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69

  • Size

    55KB

  • Sample

    220502-wxedeafcej

  • MD5

    e62a598e2a43efb4aa080455d70ad9c4

  • SHA1

    ec296fd2130c41479c9743fb93cdaab8675882d6

  • SHA256

    37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69

  • SHA512

    593e714e18181f95b2f25bc556f0ee3e9ed26981d4611eeb7516c7453405387562ab693dd24df39019d226e14352b4095fe8a787e4c8723fa1e51649d9000d29

Score
10/10
revengeratmr_ahmedtrojan

Malware Config

Extracted

Family

revengerat

Botnet

MR_ahmed

C2

192.168.1.2:333

Mutex

9f8d2a8cc3e644

Targets

    • Target

      37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69

    • Size

      55KB

    • MD5

      e62a598e2a43efb4aa080455d70ad9c4

    • SHA1

      ec296fd2130c41479c9743fb93cdaab8675882d6

    • SHA256

      37b319541d45bfb21b89977e579d81b161c55d24e580a455b0fb2d1dbb471e69

    • SHA512

      593e714e18181f95b2f25bc556f0ee3e9ed26981d4611eeb7516c7453405387562ab693dd24df39019d226e14352b4095fe8a787e4c8723fa1e51649d9000d29

    Score
    10/10
    revengeratmr_ahmedtrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks