Overview

overview

10

Static

static

1

292cf982ba...f2.vbs

windows7-x64

10

292cf982ba...f2.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    292cf982ba7c343cf1d726e0dfc04ff2

  • Size

    1KB

  • Sample

    231231-fnk7lahagl

  • MD5

    292cf982ba7c343cf1d726e0dfc04ff2

  • SHA1

    bc862bcc556424af6ce4d431da9e8a37749979f6

  • SHA256

    695874c34915a2fdeff1780c63610dcfaecd6ae1ec96566e709496dfbd502240

  • SHA512

    cc7a5de149736fd6bb11aad15a3a0391d6f3a4d07c48af326b5709642ee1ae6cff56e47180f7dc436fce13a141329ac9974ed562a62ffbbbf9b4fd7d382579cd

Score
10/10
revengeratgueststealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

asscoming.duckdns.org:333

Mutex

RV_MUTEX

Targets

    • Target

      292cf982ba7c343cf1d726e0dfc04ff2

    • Size

      1KB

    • MD5

      292cf982ba7c343cf1d726e0dfc04ff2

    • SHA1

      bc862bcc556424af6ce4d431da9e8a37749979f6

    • SHA256

      695874c34915a2fdeff1780c63610dcfaecd6ae1ec96566e709496dfbd502240

    • SHA512

      cc7a5de149736fd6bb11aad15a3a0391d6f3a4d07c48af326b5709642ee1ae6cff56e47180f7dc436fce13a141329ac9974ed562a62ffbbbf9b4fd7d382579cd

    Score
    10/10
    revengeratgueststealertrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks