General

  • Target: 02b58fea1b5d609fe461e56899151f5c_JaffaCakes118

  • Size: 110KB

  • Sample: 240427-h6fqyadg33

  • MD5: 02b58fea1b5d609fe461e56899151f5c

  • SHA1: c2c2b0c9169c23a220802b881944276d437cacf9

  • SHA256: 176109ba62ae70b7ab45d589f3e20bedc6d9f306468c3cdff3138b87b923148e

  • SHA512: 8e7a598cd7fd1917c3ce56d246fa09ca26951a71e0d5a61f89a1a27a444366702eb1d6ba005dc9489dc9d2475512c703087ae64ca76c29a9267db29a6ad5969e

  • SSDEEP: 3072:D4BWGNaXLZNop7ZV0KvhV5nvCas4D09SYu2b:8WisLAp7ZVlvlqkD87u2

Malware Config

Extracted

  • Family: revengerat

  • Botnet: Guest

  • C2: 41.160.177.182:333

  • Mutex: RV_MUTEX-tWwiejYAoBLOa

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Execution

  • Scripting (T1064): 1

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Scripting (T1064): 1

  • Modify Registry (T1112): 1

Tasks