revengerat | 265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b | Triage

Sharing

General

Target

265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b
Size

344KB
Sample

220516-b9ws1ahca4
MD5

1e51fa7730804312f96790c9c93d506c
SHA1

5e4f7fd8a9b2308bfc46b303b12108c1f5532d8d
SHA256

265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b
SHA512

61853d112a7158392a023596fa2a6575f2bade49ea42a52a6133d520400ea52c0a3d812ae564a3b379cb49e8935491da62d0bfc545677322287e12e18b27345a

Score

10^/10

revengerat guest persistence trojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

fastbtc.dynu.net:1604

Mutex

RV_MUTEX-LB4S0YIGA6UFWH10GXQLHP

Targets

- Target
  
  265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b
- Size
  
  344KB
- MD5
  
  1e51fa7730804312f96790c9c93d506c
- SHA1
  
  5e4f7fd8a9b2308bfc46b303b12108c1f5532d8d
- SHA256
  
  265b84e3773655319c45d5fe2e4e84035781d42a6b324c37f703dfc809e9f07b
- SHA512
  
  61853d112a7158392a023596fa2a6575f2bade49ea42a52a6133d520400ea52c0a3d812ae564a3b379cb49e8935491da62d0bfc545677322287e12e18b27345a
Score

10^/10

revengerat guest persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratguestpersistencetrojan

behavioral2

revengeratguestpersistencetrojan