revengerat | 4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96bd4b8114e4705fe3c92c77dd9f37c9_JaffaCakes118
Size

75KB
Sample

240814-tm84xs1crc
MD5

96bd4b8114e4705fe3c92c77dd9f37c9
SHA1

a73f4e52ffeea5331afe05845a19957ee34c06b0
SHA256

4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808
SHA512

adee56894c5df3054ce2347947a1d311cce5b67af75b6122e90a52f2ce41c6121577e2938cd7d66c325bb40d8926acafbb620b593b98d1e491278c723b3b8b93
SSDEEP

1536:H53LC/uz4I7b10vNLSaIFrEAP0HSPLibo81hZgeO:Z3LIlSNrEA8HSgzw

Score

10^/10

revengerat guy discovery stealer trojan

Malware Config

Extracted

Family

revengerat

Botnet

GUY

C2

h4x000r.duckdns.org:3333

Mutex

RV_MUTEX-SZblRvZwfRtNHu

Targets

- Target
  
  96bd4b8114e4705fe3c92c77dd9f37c9_JaffaCakes118
- Size
  
  75KB
- MD5
  
  96bd4b8114e4705fe3c92c77dd9f37c9
- SHA1
  
  a73f4e52ffeea5331afe05845a19957ee34c06b0
- SHA256
  
  4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808
- SHA512
  
  adee56894c5df3054ce2347947a1d311cce5b67af75b6122e90a52f2ce41c6121577e2938cd7d66c325bb40d8926acafbb620b593b98d1e491278c723b3b8b93
- SSDEEP
  
  1536:H53LC/uz4I7b10vNLSaIFrEAP0HSPLibo81hZgeO:Z3LIlSNrEA8HSgzw
Score

10^/10

revengerat guy discovery stealer trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- RevengeRat Executable
  stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

revengeratguydiscoverystealertrojan

behavioral2

revengeratguydiscoverystealertrojan