General

  • Target

    d436fbe4166922bd3ef0d98e5446bcceae0dea031768f1dccde58b785e086a9e

  • Size

    415KB

  • Sample

    230129-wrerzshh4z

  • MD5

    16d3d27045a88254d756185470842b4f

  • SHA1

    612683744bfb7b1450ae14e120a10e2607fb55f0

  • SHA256

    d436fbe4166922bd3ef0d98e5446bcceae0dea031768f1dccde58b785e086a9e

  • SHA512

    992997328a4b2948d1cf6feb4be79cc0be8323c5a2cd733ba8badb1f7c4afd700ee1d4facee0222af0ea4443b6b5ea7fea6c5ca756fbf9b6073e2646a4ebe3c0

  • SSDEEP

    6144:2Y2Cyz+oybLQmhTECuWZm4G+7PJQ4Hwqxy0O/zZhXn/q:23CyKvOrZhXnC

Malware Config

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks