Overview

overview

10

Static

static

10

Client.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client.exe

  • Size

    5.0MB

  • Sample

    240727-znkqls1fnf

  • MD5

    6663483929f325b3fe2f8a351787aebf

  • SHA1

    eaef70212f2f361a3167340d7c76e07246f1e427

  • SHA256

    cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42

  • SHA512

    12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9

  • SSDEEP

    3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+

Score
10/10
revengeratguestdiscoverytrojan

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.eu.ngrok.io:8848

Mutex

RV_MUTEX

Targets

    • Target

      Client.exe

    • Size

      5.0MB

    • MD5

      6663483929f325b3fe2f8a351787aebf

    • SHA1

      eaef70212f2f361a3167340d7c76e07246f1e427

    • SHA256

      cb9bb33d33ae493a7616a62cae19fb7c127c596a834543e78735e894d4225f42

    • SHA512

      12d51bd6328fd6a7572c97fdd3ac7b5d74dfd1379d5553f890af6c5a2effa65c61ecb78588fddac239881391ed9e2831f65a6f70e83a7047b980bcd4cb501eb9

    • SSDEEP

      3072:iEQ5B9LypBTl57/zzTx+feymDt9SYzOP+:iupBvLzTIf4Df7zOP+

    Score
    10/10
    revengeratguestdiscoverytrojan

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks