General

  • Target

    Client.exe

  • Size

    23KB

  • Sample

    240913-x2wnxstgll

  • MD5

    12127e146732656cfc4877ad45d22ed4

  • SHA1

    73e3b4c65b813dea1bca2a269e85740105c53718

  • SHA256

    0fb3580100336efca6c544a8c1d06591e8a579dce56dab29ffec305d3604abae

  • SHA512

    5ff955385a1de1add44eb4cc597b5c78db757c46a706d543c83fc53de5d39fa4935cd4fd5b9d382117c7886f02452ba8e40d47ec97d2cc766b499281ce467ff8

  • SSDEEP

    384:eb+cnNz7glTgMnmrBcNFEhmisbYpPyzAVFCzYcHe+Z:ebtlcjsCAV8zYcHe+Z

Malware Config

Extracted

  • Family

    revengerat

  • Botnet

    Guest

  • C2

    127.0.0.1:333

  • Mutex

    RV_MUTEX

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks