General

  • Target

    LisectAVT_2403002B_27.exe

  • Size

    155KB

  • Sample

    240725-bj2assyemr

  • MD5

    e769b63b22a914d5fe9722716257e3b6

  • SHA1

    d69e65bcb3959724ccf02e6f1d2319163c2593f1

  • SHA256

    1e76f1954d14aff43291a7079962d0ad3856657537a9595ba190d5c61abfc93c

  • SHA512

    e901dfc8ede587b76997c5e98b576d12c5762176fc23501f404c195732a36d532b9fea97a79b68005150ca444d9cb1d8ecc5386698f3f4e8d6038d62bd773182

  • SSDEEP

    1536:DwVCOKVP+JC+ZzmSd1vpCaTjjbDOcAT5D8V0HOQb89NmnJAO1yqrg0Yz:DLP2rP5ppJAT5YVCA9NmnJAO1yq0r

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    MAYO24

  • C2

    karmina113.sytes.net:3333

    karmina117.sytes.net:3333

    karmina118.sytes.net:3333

    karmina119.sytes.net:3333

    nibiru3.duckdns.org:3333

    nibiru4.duckdns.org:3333

    nibiru5.duckdns.org:3333

    nibiru6.duckdns.org:3333

  • Mutex

    WSCollect

Targets

    • Target

      LisectAVT_2403002B_27.exe

    • Size

      155KB

    • MD5

      e769b63b22a914d5fe9722716257e3b6

    • SHA1

      d69e65bcb3959724ccf02e6f1d2319163c2593f1

    • SHA256

      1e76f1954d14aff43291a7079962d0ad3856657537a9595ba190d5c61abfc93c

    • SHA512

      e901dfc8ede587b76997c5e98b576d12c5762176fc23501f404c195732a36d532b9fea97a79b68005150ca444d9cb1d8ecc5386698f3f4e8d6038d62bd773182

    • SSDEEP

      1536:DwVCOKVP+JC+ZzmSd1vpCaTjjbDOcAT5D8V0HOQb89NmnJAO1yqrg0Yz:DLP2rP5ppJAT5YVCA9NmnJAO1yq0r

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

    System Location Discovery (T1614): 1

    System Language Discovery (T1614.001): 1
