General

  • Target

    fd4f94d12269d74166408823e51fe1fbc64a776ade7554a27acaf07cae6483fa

  • Size

    89KB

  • Sample

    220507-zbyfyadge8

  • MD5

    793fd610adf1d34f757e9db8510e8ff2

  • SHA1

    e54835aea0d357cd955c3c9876f6c6b1982fcf99

  • SHA256

    fd4f94d12269d74166408823e51fe1fbc64a776ade7554a27acaf07cae6483fa

  • SHA512

    3ad0a8c0aa14b2bea294d9aa5d914e46dc33d4df1ef2083c5050ab4cac693c01f0419ce9e3da20487d21102baa16b4cc9ce48947127b76aaf661a5bbe84fdd8f

Malware Config

  • Extracted

  • Family

    revengerat

  • Botnet

    Guest

  • C2

    darkking111.hopto.org:3131

    darkking111.hopto.org:5353

    102ef32.ddns.net:3131

    102ef32.ddns.net:5353

    1026ef32.ddns.net :3131

    1026ef32.ddns.net :5353

  • Mutex

    RV_MUTEX

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
