revengerat | 6c7b41c48ec91a1d533b4a8ce8837cc5f9326842441c44ecd7400f662bdde16d | Triage

Sharing

General

Target

43aa68d644e46c7b67071b2027c737f9_JaffaCakes118
Size

16KB
Sample

240729-nl4vxswfnk
MD5

43aa68d644e46c7b67071b2027c737f9
SHA1

75705c5a84699ac1ce8247659060898fc044153f
SHA256

6c7b41c48ec91a1d533b4a8ce8837cc5f9326842441c44ecd7400f662bdde16d
SHA512

ef3c97cd738ce9443f6f34c84bbb24d1ebdac33047f8879d880870d308103ecb4929adf2c63d97368b3497ca0497b9f851aceb8f3f9a95d28eef6eb8230f0c02
SSDEEP

384:OZilPqtlJES8uj9vxJAd3pNcClb5s8dXihym5Ct:OZilPqtlFfFL63pNrLwo

Score

10^/10

revengerat parrot-security stealer

Malware Config

Extracted

Family

revengerat

Botnet

PARROT-SECURITY

C2

2.tcp.ngrok.io:18683

Mutex

RV_MUTEX-jyGqgkYeCTBpMCv

Targets

- Target
  
  43aa68d644e46c7b67071b2027c737f9_JaffaCakes118
- Size
  
  16KB
- MD5
  
  43aa68d644e46c7b67071b2027c737f9
- SHA1
  
  75705c5a84699ac1ce8247659060898fc044153f
- SHA256
  
  6c7b41c48ec91a1d533b4a8ce8837cc5f9326842441c44ecd7400f662bdde16d
- SHA512
  
  ef3c97cd738ce9443f6f34c84bbb24d1ebdac33047f8879d880870d308103ecb4929adf2c63d97368b3497ca0497b9f851aceb8f3f9a95d28eef6eb8230f0c02
- SSDEEP
  
  384:OZilPqtlJES8uj9vxJAd3pNcClb5s8dXihym5Ct:OZilPqtlFfFL63pNrLwo
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

stealerparrot-securityrevengerat

behavioral1

behavioral2