Overview

overview

10

Static

static

265b84e377...7b.exe

windows7_x64

10

265b84e377...7b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b

  • Size

    344KB

  • Sample

    220516-b9ws1ahca4

  • MD5

    1e51fa7730804312f96790c9c93d506c

  • SHA1

    5e4f7fd8a9b2308bfc46b303b12108c1f5532d8d

  • SHA256

    265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b

  • SHA512

    61853d112a7158392a023596fa2a6575f2bade49ea42a52a6133d520400ea52c0a3d812ae564a3b379cb49e8935491da62d0bfc545677322287e12e18b27345a

Score
10/10
revengeratguestpersistencetrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

fastbtc.dynu.net:1604

Mutex

RV_MUTEX-LB4S0YIGA6UFWH10GXQLHP

Targets

    • Target

      265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b

    • Size

      344KB

    • MD5

      1e51fa7730804312f96790c9c93d506c

    • SHA1

      5e4f7fd8a9b2308bfc46b303b12108c1f5532d8d

    • SHA256

      265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b

    • SHA512

      61853d112a7158392a023596fa2a6575f2bade49ea42a52a6133d520400ea52c0a3d812ae564a3b379cb49e8935491da62d0bfc545677322287e12e18b27345a

    Score
    10/10
    revengeratguestpersistencetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks