Overview

overview

10

Static

static

10

WWL.exe

windows10-2004-x64

Resubmissions

11-06-2023 08:41

230611-klhe5sgh23 10

11-06-2023 07:38

230611-jgkh9sgf93 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WWL.exe

  • Size

    142KB

  • Sample

    230611-klhe5sgh23

  • MD5

    ff621b3ec028ff34e6dd40649434e246

  • SHA1

    2bf21078ee8f88b70291c41f7e41ab03fad0a27d

  • SHA256

    40254755e4c6325be6f0678fe1f3daa23cbf639714142449740a0dc5dc4a1790

  • SHA512

    2bc1dcf4bb3cc887f8bd9188df7eb01eebe1516c7120a6b355af2a85790dcd3d9ffcd9cc529de5e5613178efe264dcb3c99730b1adb6f1d84b9e4afc0f4bb368

  • SSDEEP

    3072:uSDDjXTV/uzgjk28xguWthZfeZtb6PRX:uSXjjox28jEfeP8

Score
10/10
revengeratstealertrojan

Malware Config

Targets

    • Target

      WWL.exe

    • Size

      142KB

    • MD5

      ff621b3ec028ff34e6dd40649434e246

    • SHA1

      2bf21078ee8f88b70291c41f7e41ab03fad0a27d

    • SHA256

      40254755e4c6325be6f0678fe1f3daa23cbf639714142449740a0dc5dc4a1790

    • SHA512

      2bc1dcf4bb3cc887f8bd9188df7eb01eebe1516c7120a6b355af2a85790dcd3d9ffcd9cc529de5e5613178efe264dcb3c99730b1adb6f1d84b9e4afc0f4bb368

    • SSDEEP

      3072:uSDDjXTV/uzgjk28xguWthZfeZtb6PRX:uSXjjox28jEfeP8

    Score
    10/10
    revengeratstealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks