revengerat | c3ce6ec95166597c6d7eb1c76446ac0efc8c52f77262329bb33b76df4bab72dd | Triage

Sharing

General

Target

c790902fad99bd96b57f5c154c68af06_JaffaCakes118
Size

16KB
Sample

240828-yxhryavhkl
MD5

c790902fad99bd96b57f5c154c68af06
SHA1

c4e0ae3c3b1c68aa7dc70be48d1d692ddf4bebd7
SHA256

c3ce6ec95166597c6d7eb1c76446ac0efc8c52f77262329bb33b76df4bab72dd
SHA512

42b76828ac49ea4f7f1f1a4817de463ede64f561713c7507e77b4406580e07bb7fe396039b67de64061a7a1b4d6ae78747149f02cec6dc705dd0e3fdeb8ca49f
SSDEEP

384:oJfTZMRYiVdf2QyYIz9muhNculb5s3f0byy5Ct:oJfTZMRYiVdu3hwuhNfoAo

Score

10^/10

revengerat guest stealer

Malware Config

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:9753

Mutex

RV_MUTEX

Targets

- Target
  
  c790902fad99bd96b57f5c154c68af06_JaffaCakes118
- Size
  
  16KB
- MD5
  
  c790902fad99bd96b57f5c154c68af06
- SHA1
  
  c4e0ae3c3b1c68aa7dc70be48d1d692ddf4bebd7
- SHA256
  
  c3ce6ec95166597c6d7eb1c76446ac0efc8c52f77262329bb33b76df4bab72dd
- SHA512
  
  42b76828ac49ea4f7f1f1a4817de463ede64f561713c7507e77b4406580e07bb7fe396039b67de64061a7a1b4d6ae78747149f02cec6dc705dd0e3fdeb8ca49f
- SSDEEP
  
  384:oJfTZMRYiVdf2QyYIz9muhNculb5s3f0byy5Ct:oJfTZMRYiVdu3hwuhNfoAo
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

stealerguestrevengerat

behavioral1

behavioral2