General

  • Target

    9160416822.zip

  • Size

    109KB

  • Sample

    230213-yn1amafb8x

  • MD5

    486ced6680c8ed337fe5bf217f6e9b54

  • SHA1

    8411712b6534bbe9ceb650818b90cd699fad31e5

  • SHA256

    4d0c6e5dc38eef9222bbb9c8b2fcc8977ffdb1bcc6b770fbad5c3e401d1f70a8

  • SHA512

    d11f6f5387a74749d4fac6d5a774043ca4220a4dfc0e08acaf6f01a902c64a772d665e7f686e8e11da45a16b28d29b6b84f0e1f19c620a663fdb7fecc0a1aba9

  • SSDEEP

    3072:VmKdaq7Lx1I/rBhTzznEiNSjpE+N9UNxtPS:VmKV7LxSrjXEiWpEHxJS

Malware Config

Targets

    • Target

      51bc942d371ca8c6ab7358fa5724eab2ab2e97b00d2ba558c73641629758b3a6

    • Size

      164KB

    • MD5

      d3106dc883cde0c9e80964f324cfd4fb

    • SHA1

      b95ba0c6537d07dce6ffc49ffc242572f74c8a36

    • SHA256

      51bc942d371ca8c6ab7358fa5724eab2ab2e97b00d2ba558c73641629758b3a6

    • SHA512

      f0ff28f5a7b11bf38429d996f1d71a20ffb8b350c95af3c3b2c6e342f59dd060dc035dfb0c4b36190d8595683afeb1d325a65dd002d95713f37cdde589638ebc

    • SSDEEP

      3072:lGBMeD7VjYbDnEwlECnjcipp91glWWozX//l0KlPu/QpUhXAS0RB:8MK2A6nIYp91glW1XHtB

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Drops startup file

    • Uses the VBS compiler for execution

      Despite the signature name, the process involved is vbc.exe, the Visual Basic .NET compiler, not the VBScript engine; loaders commonly spawn it as a benign-looking host for injected code.

    • Suspicious use of SetThreadContext
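The report lists the hashes of the archive and of the file it contains, but not how to check a file you hold against them. The script below is an added example, not part of the sandbox report: it embeds the report's MD5/SHA1/SHA256/SHA512 values as an IOC set, hashes a candidate file in memory, and, if the candidate is a zip, hashes every member as well so that the inner payload is matched without being written to disk. The archive built by `build_demo_archive()` is constructed for the demonstration and is not the sample; `MAX_MEMBER_BYTES` is an assumed cap against decompression bombs. SSDEEP comparison is left out because it needs a third-party library.

```python
import hashlib
import io
import zipfile

# IOCs transcribed from the report above: the submitted archive and the
# PE it contains. Values are lowercase hex so comparisons are exact.
REPORT_IOCS = {
    "9160416822.zip": {
        "md5": "486ced6680c8ed337fe5bf217f6e9b54",
        "sha1": "8411712b6534bbe9ceb650818b90cd699fad31e5",
        "sha256": "4d0c6e5dc38eef9222bbb9c8b2fcc8977ffdb1bcc6b770fbad5c3e401d1f70a8",
        "sha512": "d11f6f5387a74749d4fac6d5a774043ca4220a4dfc0e08acaf6f01a902c64a77"
                  "2d665e7f686e8e11da45a16b28d29b6b84f0e1f19c620a663fdb7fecc0a1aba9",
    },
    "51bc942d371ca8c6ab7358fa5724eab2ab2e97b00d2ba558c73641629758b3a6": {
        "md5": "d3106dc883cde0c9e80964f324cfd4fb",
        "sha1": "b95ba0c6537d07dce6ffc49ffc242572f74c8a36",
        "sha256": "51bc942d371ca8c6ab7358fa5724eab2ab2e97b00d2ba558c73641629758b3a6",
        "sha512": "f0ff28f5a7b11bf38429d996f1d71a20ffb8b350c95af3c3b2c6e342f59dd060"
                  "dc035dfb0c4b36190d8595683afeb1d325a65dd002d95713f37cdde589638ebc",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed cap: refuse to inflate huge members


def digests(data: bytes) -> dict:
    """Return all four digests of a byte string, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_iocs(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Return (label, algorithm) pairs for every report hash the data matches."""
    observed = digests(data)
    hits = []
    for label, expected in iocs.items():
        for algo, value in expected.items():
            if algo in observed and observed[algo] == value.lower():
                hits.append((label, algo))
    return hits


def scan_archive(blob: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Hash the blob itself and, if it is a zip, each member in memory.

    Returns {"<archive>": hits, member_name: hits | "skipped:<reason>"}.
    Members are never extracted to disk, so nothing gets executed by
    accident; encrypted or oversized members are reported, not inflated.
    """
    results = {"<archive>": match_iocs(blob, iocs)}
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return results
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                results[info.filename] = "skipped:too-large"
                continue
            try:
                member = zf.read(info)
            except RuntimeError:  # zipfile raises this for encrypted members
                results[info.filename] = "skipped:encrypted"
                continue
            results[info.filename] = match_iocs(member, iocs)
    return results


def build_demo_archive() -> bytes:
    """Constructed stand-in archive for offline testing (not the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("demo.txt", b"constructed content, not the sample")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_demo_archive()
    for name, hits in scan_archive(blob).items():
        print(f"{name}: {hits or 'no match'}")
```

Run it as `python iocs.py 9160416822.zip`; a hit on `<archive>` identifies the submitted zip, a hit on a member identifies the dropped RevengeRAT payload. Compare all four digests rather than MD5 alone, since MD5 collisions are practical.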

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique   Count   ID
  Execution        Scripting   1       T1064
  Defense Evasion  Scripting   1       T1064

  Note: T1064 (Scripting) is an ATT&CK v6 technique that later versions deprecated; when mapping this report to current ATT&CK, use Command and Scripting Interpreter (T1059) where appropriate.

Tasks