Overview

overview

10

Static

static

5812bd07a6...a2.exe

windows7_x64

10

5812bd07a6...a2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5812bd07a6aa5a3a5418c2eba8b1f5f1f7491581baeb3488d71fbca0bfb892a2

  • Size

    190KB

  • Sample

    220512-n9t1madgd7

  • MD5

    a1d732c8477b8e487981c475cfb4fda0

  • SHA1

    afffdaf652d9445aba3f9c3809d555c7224ad201

  • SHA256

    5812bd07a6aa5a3a5418c2eba8b1f5f1f7491581baeb3488d71fbca0bfb892a2

  • SHA512

    0c2db6108881de5fe86d7bd198adb2770b7653c064ed29ce4bb48a9deb86421be8fd6a1424fd2a491ca2f804da2f9d9f21470a5545255746a1a55192500819ff

Score
10/10
revengeratpersistencestealertrojan

Malware Config

Targets

    • Target

      5812bd07a6aa5a3a5418c2eba8b1f5f1f7491581baeb3488d71fbca0bfb892a2

    • Size

      190KB

    • MD5

      a1d732c8477b8e487981c475cfb4fda0

    • SHA1

      afffdaf652d9445aba3f9c3809d555c7224ad201

    • SHA256

      5812bd07a6aa5a3a5418c2eba8b1f5f1f7491581baeb3488d71fbca0bfb892a2

    • SHA512

      0c2db6108881de5fe86d7bd198adb2770b7653c064ed29ce4bb48a9deb86421be8fd6a1424fd2a491ca2f804da2f9d9f21470a5545255746a1a55192500819ff

    Score
    10/10
    revengeratstealertrojanpersistence

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks