General

  • Target

    0371221c3aa1147d1009f0d0b1bf22e8_JaffaCakes118

  • Size

    144KB

  • Sample

    240328-mpsrdsgd32

  • MD5

    0371221c3aa1147d1009f0d0b1bf22e8

  • SHA1

    5f33bcfe0070b7ac3b4d527103bb4a9385603de3

  • SHA256

    d34a32b1c044553ab8b803f4370526f7a73d1cb519adcaec91b2c10efaa556b3

  • SHA512

    a42bb69676da8c267a8f5b472cbba1ba408a553f919d8536f0a4e8054da914b5aa34089744301acf9eb5d993881955dda478ee2c5b663a945c8aafccef1a9eab

  • SSDEEP

    1536:8qJo6rUcu/rbPm8J+Ud+kR2qBa5z17gm6zG:8SRw+Ud+kRBBa5yjK

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    ⚡⚡ WELCOME ⚡⚡

  • C2

    xd.zapto.org:27730

  • Mutex

    RV_MUTEX-aawrHJfWfhaRCl

Targets

    • Target

      0371221c3aa1147d1009f0d0b1bf22e8_JaffaCakes118

    • Size

      144KB

    • MD5

      0371221c3aa1147d1009f0d0b1bf22e8

    • SHA1

      5f33bcfe0070b7ac3b4d527103bb4a9385603de3

    • SHA256

      d34a32b1c044553ab8b803f4370526f7a73d1cb519adcaec91b2c10efaa556b3

    • SHA512

      a42bb69676da8c267a8f5b472cbba1ba408a553f919d8536f0a4e8054da914b5aa34089744301acf9eb5d993881955dda478ee2c5b663a945c8aafccef1a9eab

    • SSDEEP

      1536:8qJo6rUcu/rbPm8J+Ud+kR2qBa5z17gm6zG:8SRw+Ud+kRBBa5yjK

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Scripting (T1064): 1

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Scripting (T1064): 1
    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks