General

  • Target

    d774e6260fca3971aaf875e4256490ff0f358971

  • Size

    1.1MB

  • Sample

    221006-3nca1sbah8

  • MD5

    f53851004ff2f7f31f84c05a2f44e178

  • SHA1

    d774e6260fca3971aaf875e4256490ff0f358971

  • SHA256

    0e555987e5cd93ee42671e0e286a7b1ffe46dfb2a9f268b55d0c76f4f9f49827

  • SHA512

    cc6e881933336ac1348b4a5c619b9770f974fabaae5a255d52fac5b3ff4cc8b3ab4dae800e05949c06e3a3888c2601c3a7fed4c0f92e1fd85aa05c760502a30d

  • SSDEEP

    24576:IvWQf06hA40oChkJVzWa7npqKp6hpKNAaQUt:Zd2zCmJtWa7806OY4

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

178.17.174.71:3310

Mutex

RV_MUTEX-HxdYuaWVCGnhp

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Drops startup file

    • Suspicious use of SetThreadContext
