revengerat | a62eac7125d6a8e953325e4408f6f6ab187c808f9bfc0334e4d8723fae97c021 | Triage

Sharing

General

Target

3fad2378feab32b6d3f8b955d98038b2_JaffaCakes118
Size

18KB
Sample

240729-l4yqhssdnn
MD5

3fad2378feab32b6d3f8b955d98038b2
SHA1

626d2a65d0c22ad510445171234d314bf93d0a2e
SHA256

a62eac7125d6a8e953325e4408f6f6ab187c808f9bfc0334e4d8723fae97c021
SHA512

4436ac40b5042eb768285dfdb074453a5431a145d24ec3b7211f296a00d09ec60f4fcf5a9e71ea02769df5f6598069bb8bbc2f425ddd777a168e51adb68c6cbe
SSDEEP

192:cZh9iPRuyEmDYGpMtLYOzgfwN4rUMGA5+bc7+jR9nsVVI+1k1ygJtac:MhEMyRYGKtLUlxGC+bXsVK+1k1ygbac

Score

10^/10

revengerat builder persistence stealer

Malware Config

Extracted

Family

revengerat

Botnet

Builder

C2

hotkey.ddns.net:1177

Mutex

RV_MUTEX-LIELecwCkjosnK

Targets

- Target
  
  3fad2378feab32b6d3f8b955d98038b2_JaffaCakes118
- Size
  
  18KB
- MD5
  
  3fad2378feab32b6d3f8b955d98038b2
- SHA1
  
  626d2a65d0c22ad510445171234d314bf93d0a2e
- SHA256
  
  a62eac7125d6a8e953325e4408f6f6ab187c808f9bfc0334e4d8723fae97c021
- SHA512
  
  4436ac40b5042eb768285dfdb074453a5431a145d24ec3b7211f296a00d09ec60f4fcf5a9e71ea02769df5f6598069bb8bbc2f425ddd777a168e51adb68c6cbe
- SSDEEP
  
  192:cZh9iPRuyEmDYGpMtLYOzgfwN4rUMGA5+bc7+jR9nsVVI+1k1ygJtac:MhEMyRYGKtLUlxGC+bXsVK+1k1ygbac
Score

7^/10

persistence
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stealerbuilderrevengerat

behavioral1

behavioral2