Overview

overview

10

Static

static

REORDER_.exe

windows7_x64

10

REORDER_.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd32b11e7ab2cecab2889b275fdd9ff7176f75d0e30f151d0f9a8a7960b4f629

  • Size

    1.2MB

  • Sample

    220520-qrpz3aghal

  • MD5

    c1871cb159b1cd38000e1f42b3a547ff

  • SHA1

    64a45affc875b2ff373ef81e1d5f99bb15621e2a

  • SHA256

    bd32b11e7ab2cecab2889b275fdd9ff7176f75d0e30f151d0f9a8a7960b4f629

  • SHA512

    186bcec565eeea97cf8967541fe478dcbf4e6c5bc91fa43fb93ff05669b830fe2404dda336a1fec0097a5ac3db8905c903c31f9007b6f075ef792c89e811179d

Score
10/10
revengeratgueststealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

lordiyke.duckdns.org:2336

Mutex

RV_MUTEX-YqqNLCGRFbTXZM

Targets

    • Target

      REORDER_.EXE

    • Size

      339KB

    • MD5

      965a50b0cb0e05ba3fb39aa2dfb64980

    • SHA1

      f9d0711a8f6f430ec3bfc597be43592cebdc649e

    • SHA256

      cac726f6b0bcb60af61033a9a59ae886ee7466f65e20185cd44be43c80386e7d

    • SHA512

      43c37e8457f55ed52b8e9ae3cce7fe4ea5403d27f58a674fa0ee976b99bda8704dedd4fe0caa4cb93d758349b02acea22faf0a0a672cc87ebb938878c6d7c3fb

    Score
    10/10
    revengeratgueststealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks