Overview

overview

10

Static

static

3

62bc5ed1fa...18.exe

windows7-x64

10

62bc5ed1fa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62bc5ed1faedbd153aefbd0f660b9398_JaffaCakes118

  • Size

    220KB

  • Sample

    240401-azzw8sha37

  • MD5

    62bc5ed1faedbd153aefbd0f660b9398

  • SHA1

    00f5114002f3890ba4d32c7960ba04bb907c18b7

  • SHA256

    ea95110c6eace17e1362e51ea50327a99899b76c7295650363325a22bf70a05b

  • SHA512

    d47b50992bc4fdefe0cc7b5a5a72d3aa6b35c9f47841b7f0173303ddb38c2c072ce40925a2e715c43a98c0f7f85977aa00c74adf1d630b72486339bfd6e958ab

  • SSDEEP

    3072:kXs/p61nqa4LEHBAnpK37nXua1V0Vz1z7ZwnZspzqeNOefG4Gyq6nF7waf5+:R/p61nOVaDCzFNkOqefpl+

Score
10/10
revengeratlimerevengetrojan

Malware Config

Extracted

Family

revengerat

Botnet

LimeRevenge

Mutex

208-9035-4d24f5a5133d

Targets

    • Target

      62bc5ed1faedbd153aefbd0f660b9398_JaffaCakes118

    • Size

      220KB

    • MD5

      62bc5ed1faedbd153aefbd0f660b9398

    • SHA1

      00f5114002f3890ba4d32c7960ba04bb907c18b7

    • SHA256

      ea95110c6eace17e1362e51ea50327a99899b76c7295650363325a22bf70a05b

    • SHA512

      d47b50992bc4fdefe0cc7b5a5a72d3aa6b35c9f47841b7f0173303ddb38c2c072ce40925a2e715c43a98c0f7f85977aa00c74adf1d630b72486339bfd6e958ab

    • SSDEEP

      3072:kXs/p61nqa4LEHBAnpK37nXua1V0Vz1z7ZwnZspzqeNOefG4Gyq6nF7waf5+:R/p61nOVaDCzFNkOqefpl+

    Score
    10/10
    revengeratlimerevengetrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks