Overview

overview

10

Static

static

40fc54d932...3c.exe

windows7_x64

10

40fc54d932...3c.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

  • Size

    26KB

  • Sample

    220503-yxdg8aecbp

  • MD5

    6aa840d90f457f13082c87f64d952a41

  • SHA1

    10387f6dd42bf4fc9309f826aed9d4e169fb2c08

  • SHA256

    40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

  • SHA512

    6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b

Score
10/10
revengeratgueststealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

mrhackeer.ddns.net:1177

Mutex

RV_MUTEX-UYBxGgZHxuuVY

Targets

    • Target

      40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

    • Size

      26KB

    • MD5

      6aa840d90f457f13082c87f64d952a41

    • SHA1

      10387f6dd42bf4fc9309f826aed9d4e169fb2c08

    • SHA256

      40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

    • SHA512

      6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b

    Score
    10/10
    revengeratgueststealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks