revengerat | ed7c7b0532ef7edc3a22795f2d5d60cbd7c7a3ffda4f1810e3b8295ca2fe0bf5 | Triage

Sharing

General

Target

9bdc6f0dd016c900603d657e1e64cdbe_JaffaCakes118
Size

16KB
Sample

240815-2bw9zsybpf
MD5

9bdc6f0dd016c900603d657e1e64cdbe
SHA1

67bd71301246fa33b916322f0bd594cb1ede6d29
SHA256

ed7c7b0532ef7edc3a22795f2d5d60cbd7c7a3ffda4f1810e3b8295ca2fe0bf5
SHA512

bbd1ac4c13b47ae76698dfc296aa24e1975a1d9cebf7b1026b7622f4eafab4bac9fead8c20ced5715b3ff664f7ebf6d08ff8609011e3b68fa88713d7e69f323c
SSDEEP

384:hpi1PKtl50TsvT9bVNc2lb5svIuyx5Ct:hpi1PKtlMeVVN3Jo

Score

10^/10

revengerat guest stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:10068

0.tcp.ngrok.io:7896

192.168.40.100:10068

192.168.40.100:7896

Mutex

RV_MUTEX

Targets

- Target
  
  9bdc6f0dd016c900603d657e1e64cdbe_JaffaCakes118
- Size
  
  16KB
- MD5
  
  9bdc6f0dd016c900603d657e1e64cdbe
- SHA1
  
  67bd71301246fa33b916322f0bd594cb1ede6d29
- SHA256
  
  ed7c7b0532ef7edc3a22795f2d5d60cbd7c7a3ffda4f1810e3b8295ca2fe0bf5
- SHA512
  
  bbd1ac4c13b47ae76698dfc296aa24e1975a1d9cebf7b1026b7622f4eafab4bac9fead8c20ced5715b3ff664f7ebf6d08ff8609011e3b68fa88713d7e69f323c
- SSDEEP
  
  384:hpi1PKtl50TsvT9bVNc2lb5svIuyx5Ct:hpi1PKtlMeVVN3Jo
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2