General

  • Target

    40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

  • Size

    26KB

  • Sample

    220503-yxdg8aecbp

  • MD5

    6aa840d90f457f13082c87f64d952a41

  • SHA1

    10387f6dd42bf4fc9309f826aed9d4e169fb2c08

  • SHA256

    40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

  • SHA512

    6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

mrhackeer.ddns.net:1177

Mutex

RV_MUTEX-UYBxGgZHxuuVY

Targets

    • Target

      40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

    • Size

      26KB

    • MD5

      6aa840d90f457f13082c87f64d952a41

    • SHA1

      10387f6dd42bf4fc9309f826aed9d4e169fb2c08

    • SHA256

      40fc54d93205c2049c62da528426414b2bbe1428b22ed6cea5cef4be324e873c

    • SHA512

      6788e8d3bb92fe044b235f7b856303b9cd13a50d64d493eeac99aef5fa3515c8499f4d7de4da3c8bd32472deefe15da28043717d0bb715af9c24dafc8ad58f9b

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks