Overview

overview

10

Static

static

1

image.ps1

windows7-x64

1

image.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    image.jpg

  • Size

    86KB

  • Sample

    230217-ycws3age6y

  • MD5

    b6aacfef1cfb9f7530cca4c12107717e

  • SHA1

    ea4b5ebb1b70ef7c6f2c40129bea14153ceb968f

  • SHA256

    8dbc7b89aa5900070b098b8f20d4f74613268faa53cea2134ae9904745767171

  • SHA512

    a520efe6388347a250cb452c8124eec9476739f53a5e24b1cf3151b0789068463c355c68232de85ca012abc63e6f9861107cd73d648104763c781eb9f7d9e443

  • SSDEEP

    1536:lP2N2em5QnDSbYb/QIZGxKd5ja1d/DcaPrDxMgo:oN2A/QI4xFDygo

Score
10/10
revengeratmr_ahmedtrojan

Malware Config

Extracted

Family

revengerat

Botnet

MR_ahmed

C2

booksyy.hopto.org:1111

Mutex

80fd5c83decd4b2fb

Targets

    • Target

      image.jpg

    • Size

      86KB

    • MD5

      b6aacfef1cfb9f7530cca4c12107717e

    • SHA1

      ea4b5ebb1b70ef7c6f2c40129bea14153ceb968f

    • SHA256

      8dbc7b89aa5900070b098b8f20d4f74613268faa53cea2134ae9904745767171

    • SHA512

      a520efe6388347a250cb452c8124eec9476739f53a5e24b1cf3151b0789068463c355c68232de85ca012abc63e6f9861107cd73d648104763c781eb9f7d9e443

    • SSDEEP

      1536:lP2N2em5QnDSbYb/QIZGxKd5ja1d/DcaPrDxMgo:oN2A/QI4xFDygo

    Score
    10/10
    revengeratmr_ahmedtrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks