General

  • Target

    ac75dc41c2b2f125c32f8b3e5c67efff

  • Size

    174KB

  • Sample

    240228-v645rahh84

  • MD5

    ac75dc41c2b2f125c32f8b3e5c67efff

  • SHA1

    49edb1aaa6484cdd4b01046168b60152faaa5d9d

  • SHA256

    2e55044580d3af0d1802bb0991a88b2d4efe5b7770e775f5816e5fe9d1b6fc11

  • SHA512

    2e88ce5a68bb1536cad626f4588fea26c1813cc7e3b6d6ed69d267397a35bc2eaacac79d6207878dfa3b9bb3c2d19b274aad86f9f861a912aa6d8ff6b242bafb

  • SSDEEP

    3072:9HDPeJIQvi92KDWzdU3lEHKjutYb2HS7N+SgrSgR0bFDsoQbO8yazUWDc:Fre/v621S39itYbT7N+rSpb1sfKr2

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application
