Overview

overview

10

Static

static

3

6a98905469...5a.exe

windows7-x64

10

6a98905469...5a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6a98905469e873bbf46e8cb4bab02d5a

  • Size

    311KB

  • Sample

    240120-q5wd1abadr

  • MD5

    6a98905469e873bbf46e8cb4bab02d5a

  • SHA1

    0e1016aa1746d6a21d9055d469b2c0cb5ce239ac

  • SHA256

    0043938f989102fa4f673d21dcb6cac706b3e50ec7d53e31e40d92256c511807

  • SHA512

    5c40708c71c778a854a0b3cc0acb89dbf609206525ce2091f5737d0426b6caf871bb8262bb33e288ac3a7ab8b9b4357251da47918e53b49788f5de741c419ba4

  • SSDEEP

    6144:5XXRTRBp2C2GrRy/xrbzA98/jRgggggg8gBgggggbgggggMVMpR0U/hXkzYZjk:pP2GrM3zTrRgggggfgBgggggbgggggMb

Score
10/10
revengeratguestmicrosoftphishingstealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

fpi999.ddns.net:8080

127.0.0.1:8080
Mutex

RV_MUTEX-DxjEexVoqqNL

Targets

    • Target

      6a98905469e873bbf46e8cb4bab02d5a

    • Size

      311KB

    • MD5

      6a98905469e873bbf46e8cb4bab02d5a

    • SHA1

      0e1016aa1746d6a21d9055d469b2c0cb5ce239ac

    • SHA256

      0043938f989102fa4f673d21dcb6cac706b3e50ec7d53e31e40d92256c511807

    • SHA512

      5c40708c71c778a854a0b3cc0acb89dbf609206525ce2091f5737d0426b6caf871bb8262bb33e288ac3a7ab8b9b4357251da47918e53b49788f5de741c419ba4

    • SSDEEP

      6144:5XXRTRBp2C2GrRy/xrbzA98/jRgggggg8gBgggggbgggggMVMpR0U/hXkzYZjk:pP2GrM3zTrRgggggfgBgggggbgggggMb

    Score
    10/10
    revengeratgueststealertrojanmicrosoftphishing

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • RevengeRat Executable

      stealer

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks