Overview

overview

10

Static

static

1

Акт с...03.exe

windows7-x64

10

Акт с...03.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Акт сверки взаимных расчетов за период 01.03-31.03.exe

  • Size

    135KB

  • Sample

    230405-qnl41agh8t

  • MD5

    d0f590b69c8e55b3ef545f23dc480b62

  • SHA1

    6b330598ff0e2b988d95285e2b093619dc36066c

  • SHA256

    ed97f674adb71e2958bba2aa2d1051ae4b938b22649723417e15af7c717057dc

  • SHA512

    9c6124496748cc89c13716dd9ae1bd00a33fce32a26554bdacf13707ac2db305593d9a6fdc6197c6f593bb26e552c5f9b10f2df7e0add32ee85bcb60e79286e0

  • SSDEEP

    3072:4LSLwYN0TIXpn8YvNXHBw8sw0wkTuyNp/1pM1klN6R9lDSp:4LpTeptewXkCyPAXRrDSp

Score
10/10
revengeratstealertrojan

Malware Config

Targets

    • Target

      Акт сверки взаимных расчетов за период 01.03-31.03.exe

    • Size

      135KB

    • MD5

      d0f590b69c8e55b3ef545f23dc480b62

    • SHA1

      6b330598ff0e2b988d95285e2b093619dc36066c

    • SHA256

      ed97f674adb71e2958bba2aa2d1051ae4b938b22649723417e15af7c717057dc

    • SHA512

      9c6124496748cc89c13716dd9ae1bd00a33fce32a26554bdacf13707ac2db305593d9a6fdc6197c6f593bb26e552c5f9b10f2df7e0add32ee85bcb60e79286e0

    • SSDEEP

      3072:4LSLwYN0TIXpn8YvNXHBw8sw0wkTuyNp/1pM1klN6R9lDSp:4LpTeptewXkCyPAXRrDSp

    Score
    10/10
    revengeratstealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks