revengerat | 4e41cb05ea8dcee1742ed87963fd50d200216f9c785f185f27b75978db49fc58 | Triage

Sharing

General

Target

1c2061f1dc5aa415ec1f8ff687223a5d_JaffaCakes118
Size

16KB
Sample

240728-w1brpa1dqd
MD5

1c2061f1dc5aa415ec1f8ff687223a5d
SHA1

8dfa1fc3f730c58c6c5c69466134457a8c523441
SHA256

4e41cb05ea8dcee1742ed87963fd50d200216f9c785f185f27b75978db49fc58
SHA512

ea70a13d7623a274d3ef6cb58178bd976eeb07307c5feb7358cd6e6223e63e65da35df312ecf79444baf24440b886683f6862f6822f3b3b44294da6a70a3b058
SSDEEP

384:HZilPqtlJES8uj9IxJAd3pNcClb5svkdyW5Ct:HZilPqtlFfuL63pNrNo

Score

10^/10

revengerat parrot-security stealer

Malware Config

Extracted

Family

revengerat

Botnet

PARROT-SECURITY

C2

3.tcp.ngrok.io:24041

Mutex

RV_MUTEX-GgZblRvZwfRtNHu

Targets

- Target
  
  1c2061f1dc5aa415ec1f8ff687223a5d_JaffaCakes118
- Size
  
  16KB
- MD5
  
  1c2061f1dc5aa415ec1f8ff687223a5d
- SHA1
  
  8dfa1fc3f730c58c6c5c69466134457a8c523441
- SHA256
  
  4e41cb05ea8dcee1742ed87963fd50d200216f9c785f185f27b75978db49fc58
- SHA512
  
  ea70a13d7623a274d3ef6cb58178bd976eeb07307c5feb7358cd6e6223e63e65da35df312ecf79444baf24440b886683f6862f6822f3b3b44294da6a70a3b058
- SSDEEP
  
  384:HZilPqtlJES8uj9IxJAd3pNcClb5svkdyW5Ct:HZilPqtlFfuL63pNrNo
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

stealerparrot-securityrevengerat

behavioral1

behavioral2